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Introducing Mac OS X Server 1 


Mac OS X Server has everything you need to provide 
standards-based workgroup and Internet services, making it 
ideal for education, small businesses, and large enterprises. 


Mac OS X Server version 10.5 Leopard blends a mature, stable UNIX foundation with 
open standards and Macintosh ease of use. It provides an extensive array of services 
that support Macintosh, Windows, and UNIX client computers over a network. 


With Leopard Server, small organizations and workgroups without an IT department 
can take full advantage of the benefits of a server. Even a nontechnical user can set up 
and manage Leopard Server for a group. Other users in the group can automatically 
configure their Macs to get services from Leopard Server. Leopard Server has advanced 
configuration options and management tools for IT professionals as well. 
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What’s New in Leopard Server 
Mac OS X Server v10.5 Leopard offers major enhancements in several key areas: 


* Simple setup 

* Server Preferences and Server Status 

¢ iCal Server 

* Group services with wikis and blogs 

* Directory application 

* Podcast Producer 

* Spotlight Server 

¢ UNIX compliance and 64-bit computing 


Leopard Server also has significant performance and scalability improvements for key 
services, such as file sharing and mail services, compared to earlier versions. 


If you're an experienced server administrator and want to set up an enterprise server or 
have other advanced needs, you'll find enhancements to file sharing services, web 
technologies, media streaming, instant messaging, mail service, directory and network 
authentication, system imaging, and client management. Server Admin, Workgroup 
Manager, and System Image Utility are all improved. For more information, see Server 
Administration and the other advanced administration guides described in “Mac OS X 
Server Administration Guides” on page 144. 
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Simple Setup 

Using Mac OS X Server is easier than ever. Server Assistant eliminates the complexities 
of configuring a server. It walks you through the setup process and the configuration 
of essential services. It automatically configures your AirPort Extreme Base Station 
(802.11n) and runs a built-in network health check to verify local network and Internet 
connectivity. In a few clicks, Leopard Server readies file sharing, email, group websites, 
instant messaging, personal calendars, and remote access. 


Setting Up 


«server has been successfully configured. 


® Configuring network 

® Setting up configuration for standard server 
8 Setting up general machine configuration 
© Starting mail service 

®@ Starting file sharing service 

@ Starting web service 

® Starting instant messaging service 

® Starting VPN for remote access 

®& Creating user accounts 

@ Setting up other services 

® Testing Internet connection 
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Users can quickly and easily set up Macs with Mac OS X Leopard to get services from 
the server. They click a button in an invitation email or open the Directory Utility 
application to open an assistant that connects to the server and sets up applications to 
use its services. In no time, Mail, iChat, iCal, and a VPN network connection are all ready 
to use. iChat users see other users in their iChat buddy lists. Mail users are ready to 
send email to anyone in their group. Address Book, Directory, and Mail are ready to 
look up shared contact information in the server's directory. A printer connected to the 
server's USB port is automatically available to users. 
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Server Preferences and Server Status 

Leopard Server is even easier to keep running. Need to change something? With Server 
Preferences, you can quickly manage users, groups, services, and system information. 
You can use Server Preferences on the server, or use it on another Mac to manage your 


server over the network. 


Find the setting you 
need without knowing 
Jib cases ee its exact location 


page & 


Group Wikis: §4 Enable group wikis © 


Web Services: 4 Webmail © 
a) User blogs © 


ort | on a 


Web Service 


To monitor server performance and services, you can check graphs and statistics with 
the Server Status Dashboard widget. Server Status works over the network, so you can 
keep an eye on the server from another Mac. 


myserver.example.com myserver_example.com myserver_example.com 
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Monitor processor, 
network, or disk usage 


Check service status 
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iCal Server 

iCal Server makes it easy to share calendars, schedule meetings, and coordinate events 
within a workgroup, a small business, or a large organization. Colleagues can check 
each other's availability, propose and accept meetings, book conference rooms, reserve 
projectors, and more. iCal Server sends meeting invitations with agendas or to-do lists, 
and tabulates replies. 


iCal Server integrates with leading calendar applications including iCal 3 in Leopard 
and third-party calendar applications that support the standard CalDAV protocol. 
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Group Services with Wikis and Blogs 

Leopard Server includes a wiki service that makes it easy for groups to create and 
distribute information through their own shared intranet websites. All members of a 
group can easily view, search, and edit wiki content in their web browsers. By using 
included templates, or by creating their own, they can add, delete, edit, and format 
content naturally—without knowing markup codes or special syntax. With a few clicks, 
they can attach files and images, publish to podcasts, assign keywords, and link to 
other wiki pages or other websites. They can also review the wiki’s complete history of 
changes and revert pages to a previous version. In addition, they can view and 
contribute to shared calendars, blogs, and mailing list archives. 
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Each user can have a blog, which provides an easy way to keep colleagues up to date 
with projects, the files they’re working on, and pictures or podcasts. A personal blog is 
the perfect place to put information for your group, or just for your own reference. 
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Directory 

The Directory application gives users access to shared information about people, 
groups, locations, and resources within the organization. Users can share contacts, add 
groups, set up group services, and manage their own contact information. 
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Podcast Producer 

A video camera, a Mac, and Leopard Server are all you need to produce podcasts of 
lectures, training, or any other audio and video projects. Podcast Producer automates 
video and audio capture, encoding, and delivery. 


The Podcast Capture application installed on every Mac with Leopard allows users to 
record high-quality audio and video from a FireWire camera, USB microphone, iSight, 
or other supported device attached to a local or remote Mac. Podcast Capture 
automatically sends the completed recording to Podcast Producer on Leopard Server, 
which encodes and publishes the recording based on your workflow selection in 
Podcast Capture. Podcast Producer can add effects such as watermarks, titles, and 
introductory video, and then publish the podcast to a webpage, blog, iTunes, iTunes U, 
QuickTime streaming server, an iPod, Apple TV, iPhone, or other mobile phone. Leopard 
Server's mail service can even notify you when the job has completed. 


Chapter 1 Introducing Mac OS X Server 17 


In addition to recording audio and video, you can use Podcast Capture to record screen 
activity (for example a Keynote presentation) along with audio from a local or remote 
source. You can also use Podcast Capture to share QuickTime movies with others. 


Anyone with an Internet connection and authorization to use Podcast Capture can 
start the whole process. Simply log in to Podcast Capture, make a few selections, and 
click a button to start recording. Click another button to stop recording, enter a title 
and description, and click a button to start the podcast publishing process. Podcast 
Producer takes care of the rest. 


Podcast Producer automatically uses your server's Xgrid 2 service for high performance 
podcast encoding. Xgrid distributes encoding jobs across the network to Macs that 
have Leopard set up to share their spare processing power. You can accommodate 
more podcasts by adding Macs, and Xgrid scales automatically. 


Spotlight Server 

Spotlight simplifies finding content on a Mac, and Leopard Server extends Spotlight 
searching to the network. Spotlight Server lets Mac users quickly and easily find 
documents, files, and other content stored on your server. It works the way people 
think, by searching the content on mounted network volumes, not just looking at file 
names. There is no need to remember what someone else named a particular shared 
document, project, or file. Use Quick Look to view, play, and read found files without 
opening them. 
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Content indexing happens automatically and transparently on the server. No 
configuration of the server or users’ Macs is necessary. 


For security, Spotlight Server works with the file access controls and permissions of 
Mac OS X Server. A user's search lists only items to which the user has access, ensuring 
that secrets stay secret. So everyone in a group can store files on the server. Group 
members can easily find shared files, but outsiders can't find them. 


UNIX Compliance 

Leopard Server is an Open Brand UNIX 03 Registered Product, conforming to the SUSv3 
and POSIX 1003.1 specifications for the C API, Shell Utilities, and Threads. Leopard 
Server can compile and run all your UNIX 03-compliant code, so it can be deployed in 
environments that demand full conformance. Mac OS X Server also provides full 
compatibility with your server and application software. 


64-Bit Computing 

For the first time in Leopard Server, key server software components take advantage of 
64-bit computing to achieve higher performance and processing power and to work 
with larger data sets. Leopard Server runs 64-bit applications alongside 32-bit 
applications, optimized for each. 
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Server Configurations 

Leopard Server offers several options for setting up your server to suit your 
circumstances. The table on the next page lists some reasons for choosing each of the 
following configurations: 


* Standard: A simplified configuration ideal for the first server or only server in a small 
organization 


¢ Workgroup: An easy-to-use setup ideal for a workgroup in an organization with an 
existing directory server 


* Advanced: A flexible configuration ideal for advanced, highly customized 
deployments 


You can change a standard configuration to a workgroup configuration by connecting 
the server to a directory server in your organization. Conversely, you can change from 
workgroup to a standard configuration by disconnecting the server from the directory 
server. You can also convert to advanced from standard or workgroup (but not the 
reverse, except by reinstalling Leopard Server). For information about changing 
configurations, see “Connecting to a Directory Server” on page 135 and Server 
Administration (described in “Mac OS X Server Administration Guides” on page 144). 
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Reasons to choose Standard Workgroup Advanced 


Set up the first server or only server for a small / 
organization 


Have all services set up automatically J 


Ss 


Have only selected services set up automatically 


\ 


Use existing user accounts from your organization’s 
directory server 


Use one simple application, Server Preferences, to / / 
manage essential settings for user accounts, groups, 
and services 


Have Leopard users’ Macs automatically set up to use / / 
the server 


Need no server administration experience / / 


Completely control hundreds of service configuration A 
settings for multiple servers 


Manage user accounts, home folders, and preferences J 
for hundreds or thousands of users, groups, and 
computers 


Set up network home folders and mobile user A 
accounts 


Use powerful applications, such as Server Admin and A 
Workgroup Manager, or command-line tools, to 
configure services and manage clients 


Sy 


Save setup data for automatic setup of multiple servers 


% 


Upgrade existing servers 
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Leopard Server in Action 

The following illustration shows a standard configuration of Mac OS X Server in a small 
organization. The server connects to a local network together with some users’ 
computers. Other users’ computers connect to the local network wirelessly through an 
AirPort Extreme Base Station. The AirPort Extreme connects to the Internet through a 
DSL modem or cable modem and shares the Internet connection with the server and 
users’ computers. The server and users’ computers get their network addresses from 
the AirPort Extreme’s DHCP server. They get DNS name service from the Internet 
service provider (ISP). 


The server provides user and group accounts, shared folders, shared calendars, instant 
messaging, and a wiki website with blogs. The ISP doesn’t provide enough email 
addresses for everyone in the organization, so the server provides email addresses and 
mail service. 


Some users may check their email while away, but they don't have portable computers 
to take home or on the road. They can log in to the server's webmail service from their 
home computers or any borrowed computer with a web browser. 


Other users have their portable computers and home computers set up to connect to 
the server's VPN via the Internet. This gives them secure remote access, while working 
at home or traveling, to all the services that the server provides on the local network. 
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Leopard Server in a Workgroup 

The next illustration depicts a workgroup configuration of Mac OS X Server that serves 
a department in a large organization. This organization has an IT group that provides 
DHCP service for assigning network addresses, DNS name service, mail service, Internet 
access, and a VPN. 


Everyone in the department already has a user account provided by the organization's 
Open Directory server, so these user accounts have been imported to the workgroup 
server. This means everyone simply uses the user name and password they already 
know to authenticate for services provided by the workgroup server. Those services 
were automatically set up to use the Kerberos authentication of the Open Directory 
server, allowing users to log in once per session for all workgroup services. 


The workgroup server provides calendar and instant messaging services that work with 
the users’ Mac OS X iCal and iChat applications. The workgroup server also provides 
shared folders and wiki websites for groups within the department. Some 
departmental groups include participants from outside the department. A group's 
external members use their existing user accounts to access the group's shared folder, 
calendar, wiki, and blog. 


The department has some Windows users, who use Internet Explorer and Safari to 
access their group's wiki, calendar, and blog. Shared folders appear as mapped drives in 
their Network Places. They have also set up their PCs to use the workgroup server's 
Jabber instant messaging. 
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Services 

Leopard Server provides the services and system features shown in the following table. 
Services and system information are set up automatically for a standard or workgroup 
configuration, using information you provide during the initial server setup. 


After setting up a standard or workgroup configuration, you can change service and 
system settings. You can turn off services that you don't need, perhaps because you 
already have them. For example, a standard configuration doesn't need to provide mail 
service if you want to use the mail service provided by an Internet service provider. If 
no one needs to access your server from home or while traveling, you can turn off VPN 
service. 


A workgroup configuration may not need to provide mail or VPN service if your 
organization provides them. For information about service and system settings, see 
Chapter 4, “Managing Your Server,” Chapter 8, “Customizing Services,” and Chapter 9, 
“Managing Server Information.” 


If you select an advanced configuration during initial setup, services are not set up 
automatically. You use advanced administration applications such as Server Admin and 
Workgroup Manager, or command-line tools, to configure advanced settings for the 
services you need the server to provide. For information about an advanced 
configuration, see Server Administration and the other advanced administration guides 
described in “Mac OS X Server Administration Guides” on page 144. 
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Service Standard Workgroup Advanced 
File sharing (AFP and SMB protocols) Included Optional Optional 
File sharing (FTP and NFS protocols) Not used Not used Optional 
Printer sharing (directly connected USB or FireWire Automatic Automatic Not used 
printer) 

Print ~~SOtéCSstiC<Ctst‘i=Cté*:*~*s*™:SSNt sed = Not sed = Optional 
iCal (calendar sharing, event scheduling) Included Optional Optional 
iChat (instant messaging) Included Optional Optional 
Mail with spam and virus filtering Included Optional Optional 
Web (wikis, blogs, webmail) Included Optional Optional 
VPN (secure remote access) Optional Optional Optional 
Internet gateway (NAT, DNS) Optional Optional Optional 
Time Machine backup of server Optional Optional Not used 
Open Directory (user accounts and other data) Automatic Automatic Optional 
Application firewall Optional Optional Not used 
IP firewall with optional adaptive firewall Not used Not used Optional 
Podcast Producer Not used Not used Optional 
Comprehensive user and workgroup management Not used Not used Optional 

“Xgrid (computational clustering) ~=~=~—~—~S*S*«~«Nt sled ~=—sNotused = Optional 
DHCP, DNS, NAT Automatic Automatic Optional 

RADIUS SO*~=<C~Sst‘—‘—s~*”:”””””SC~”:”CNt sed = Noted = Optional 

“NetBoot and Netinstall (system imaging) ~=~—~—~—~=~=C*Ntused —Notused Optional 


LE 
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Service Standard Workgroup Advanced 


Spotlight (searching) Automatic Automatic Automatic 
QuickTime Streaming Not used Not used Optional 
Software update Not used Not used Optional 
Remote management Included Included Included 
Remote login (SSH) Included Included Included 


Applications and Utilities 

After setting up Leopard Server, you can change service settings and perform other 
server administration tasks using the applications described below. You can also use 
the Directory application, which is designed for users who aren't administrators to 
manage shared information in the server's directory. It’s installed on all Macs with 
Leopard as well as on your server. For information about using the Directory 
application or Directory Utility, open it and then use the Help menu. For information 
about using the other applications, see other chapters in this book. 


Applications for standard and workgroup server administrators 


Directory Gives users access to shared information about people, 

(in /Applications/Utilities/) groups, locations, and resources. Users can share 
contacts, add groups set up group services, and 
manage their own contact information. 


Directory Utility Connect your server to a directory server in your 
(in /Applications/Utilities/) organization. 

Server Assistant Install or set up Mac OS X Server on a remote 

(in /Applications/Server/) computer. 
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Applications for standard and workgroup server administrators 


Server Preferences Manage users and groups, customize services and 
(in /Applications/Server/) system information, and monitor server activity. 
Server Status widget for Dashboard Monitor server activity from any Mac with Leopard. 


Advanced Tools and Applications 

If you set up an advanced configuration of Leopard Server, you administer it using the 
applications and tools listed below. For more information, see Server Administration and 
the other advanced administration guides described in “Mac OS X Server 
Administration Guides” on page 144. 


Important: If you have administrative applications and tools from Mac OS X Server 
version 10.4 Tiger or earlier, do not use them with Leopard Server. 


Applications and tools for advanced server administrators 


Directory Utility Connect the server to a directory server in your 

(in /Applications/Utilities/) organization. 

Podcast Capture Lets users record high-quality audio and video from a 
(in /Applications/Utilities/) local or remote camera, capture screen activity, or 


upload QuickTime files into Podcast Producer for 
encoding and distribution. 


QuickTime Broadcaster Captures live audio and video and works seamlessly 
(in /Applications/) with QuickTime Streaming Server for high-quality 
network broadcasting. 


RAID Admin Set up and monitor Xserve RAID hardware. 
(in /Applications/Server/) 
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Applications and tools for advanced server administrators 


Server Admin Set up services, manage file share points, change 

(in /Applications/Server/) service setup, and customize server settings. Monitor 
server activity and view detailed service logs. 

Server Assistant Install or set up Mac OS X Server on a remote 

(in /Applications/Server/) computer. 

Server Monitor Remotely monitor and manage one or more Xserve 

(in /Applications/Server/) systems. 

System Image Utility Create and customize NetBoot and Netinstall images 

(in /Applications/Server/) for Mac OS X and Mac OS X Server computers. 

Workgroup Manager Manage users, groups, computers, and computer 

(in /Applications/Server/) groups in advanced server deployments. Manage 
preferences for Mac OS X users. 

Xgrid Admin Remotely manage clusters and monitor the activity of 

(in /Applications/Server/) controllers, agents, and the status of jobs on the grid. 

Command-line tools Use UNIX tools to install and set up server software, 


administer services, manage users, and so forth. 
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Installing Mac OS X Server 


Use the Installer to install Leopard Server locally, or use 
Server Assistant to install remotely. 


To get started you need to: 
« Make sure the target server meets system requirements 
* Connect the target server to your Ethernet network 


« Use the /nstallation & Setup Worksheet to collect information you'll need (it’s in the 
Documentation folder on the Mac OS x Server Install Disc) 


* Install Mac OS X Server version 10.5 Leopard using one of these methods: 
* Install locally if the target server has a display that you can use conveniently 
* Install remotely if the target server is inconveniently located or doesn't have a 


display 


For information about installing Leopard Server on multiple servers, performing 
automated installations, and other advanced installation methods, see Server 


Administration. For information about upgrading or migrating to Leopard Server from 


an earlier version of Mac OS X Server, see Upgrading and Migrating. These advanced 
guides are described in “Mac OS X Server Administration Guides” on page 144. 
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What You Need to Install Leopard Server 


To install Leopard Server, you need a Macintosh desktop computer or server with: 

* An Intel processor or PowerPC G5 or G4 (867 MHz or faster) processor 

* At least 1 gigabyte (GB) of random access memory (RAM) 

* At least 20 gigabytes (GB) of disk space available 

« An active connection to a secure Ethernet network 

A standard or workgroup server needs significantly more disk space—such as a high 


capacity external hard drive—if you want to back up the server using Time Machine. 
(Time Machine backup of server data isn’t supported for an advanced server.) 


A built-in DVD drive is convenient but you can attach an external FireWire DVD drive or 
a Mac that has a DVD drive and is operating in target disk mode instead. 


A display is optional. You can install and administer Mac OS X Server on a computer 
that has no display by using an administrator computer. For information, see 
“Preparing an Administrator Computer” on page 36. 


Some encoding operations require a compatible graphics card. 


Your server doesn’t need to be located where someone has constant access to it. When 
you need to perform administrative tasks, you can use any Mac that you've set up as an 
administrator computer. 


Unless you have a site license, you need a unique serial number for each server. You 
must use a Mac OS X Server v10.5 Leopard serial number, which begins with XSVR-105. 
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Installing Mac OS X Server Securely 

When you start up a computer from the Mac OS x Server Install Disc, SSH remote login 
service and VNC screen sharing service start automatically in order to make remote 
installation possible. 


Important: Make sure the network is secure before you install or reinstall Mac OS X 
Server, because SSH and VNC give others access to the computer over the network. 


For example, set up your local network so that only users you trust can access it. Avoid 
having Ethernet jacks in public places. If you have an AirPort Base Station or other 
wireless access point, configure it to use WEP-2 authentication with a strong 
password. Consider making the wireless network name private. Also, try to keep the 
hardware serial number confidential, because it’s used as the password for remote 
installation and setup. 


Chapter 2. Installing Mac OS X Server 


33 


34 


Installing Locally 

You can install Mac OS X Server directly onto the target server by starting up the server 
from the Mac OS xX Server Install Disc. The Installer application guides you through the 
interactive installation process. The target server must have a display attached so you 
can interact with the Installer. 


WER FRR SSRIS 


Installer 
application 


Target server 


You can perform: 


« A new installation of Mac OS X Server on a disk that doesn’t already have Mac OS X 
Server or Mac OS X installed 


¢ A clean installation, which installs Mac OS X Server after erasing and formatting a 
target disk 


To install Mac OS X Server locally: 
If you're planning to erase or partition the target disk, make sure you have a backup of 
the disk. 


Make sure the computer has an active connection to a secure Ethernet network. 
This network connection is needed to set up the server’s Open Directory domain. 


Start up the computer, log in if necessary, and insert the Mac OS X Server Install Disc into 
the DVD drive. 
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4 Open the Install Mac OS X Server application and click the Restart button. 


The application is in the Mac OS X Server Install Disc window. 


If you see an Install button instead of a Restart button in the lower-right corner of the 
application window, click Install and proceed through the Installer panes by following 
the onscreen instructions (skip steps 5 through 8 below). When installation is complete, 
restart the server. Server Assistant opens so you can set up the server. For information, 
see Chapter 3, “Setting Up Mac OS X Server.” 


After the computer restarts, choose the language you want to use on the server, and 
then click the arrow button. 


Proceed through the Installer panes by following the onscreen instructions. 


7 When the Select a Destination pane appears, select a target disk or volume (partition) 


and make sure it’s in the expected state. 


lf you need to erase the target disk, click Options, select Erase and Install, choose a 
format, and click OK. 


You can instead choose Utilities > Disk Utility to erase the target disk using a less 
common format, partition the server's hard disk, or create a RAID set. 


For more information, see Appendix A, “Preparing Disks for Installing Mac OS X Server.” 


After installation is complete, the computer restarts and Server Assistant opens so you 
can set up the server. 


For information, see Chapter 3, “Setting Up Mac OS X Server.” 
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Preparing an Administrator Computer 

You can use an administrator computer to install Mac OS X Server on another 
computer over the network. As illustrated below, you start up the server using the 
Mac OS X Server Install Disc and use Server Assistant application the administrator 
computer to perform remote installation. The target server doesn’t need a display. 
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Server Administrator Target server 
Assistant computer with DVD drive 


You can also use an administrator computer to set up and manage Mac OS X Server 
remotely. For information, see “Setting Up a Server Remotely” on page 44 and 
“Connecting Server Preferences to a Remote Server” on page 51. 


You make a Mac OS X computer into an administrator computer by installing server 
administration software on it. If you have another server with Leopard Server already 
set up, you can use it as an administrator computer as well. 
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To set up an administrator computer: 

Make sure the Mac OS X computer has Mac OS X version 10.5 Leopard installed. 
Insert the Administration Tools disc. 

Open the Installers folder. 


Double-click ServerAdministrationSoftware.mpkg to open the Installer, and then follow 
the onscreen instructions. 


Installing Remotely 

Using Server Assistant on an administrator computer, you can install Mac OS X Server 
on another computer over the network. The computer you're installing on doesn’t need 
a display, but it does need a DVD drive for the Mac OS X Server Install Disc. lf the 
computer doesn't have a built-in DVD drive, you can attach an external FireWire DVD 
drive or a Mac that has a DVD drive and is operating in target disk mode. 


You can perform: 


¢ Anew installation of Mac OS X Server on a disk that doesn’t already have Mac OS X 
Server or Mac OS X installed. 


* A clean installation, which installs Mac OS X Server after erasing and formatting a 
target disk. 
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To install Mac OS X Server remotely: 
If you're planning to erase the target disk or partition, make sure you have a backup of 
it, and optionally use Disk Utility to prepare the target disk. 


If you only need to erase the target disk using the most common format, Mac OS 
Extended (Journaled), you don't need to use Disk Utility. With Disk Utility, you can erase 
the target disk using other formats, partition the server's hard disk, or create a RAID set. 
For information about using Disk Utility for these tasks, see Appendix A, “Preparing 
Disks for Installing Mac OS X Server.” 


Start up the target server with the Mac OS X Server Install Disc. 


If the target server has a built-in DVD drive, insert the disc and then restart the 
computer while holding down the C key on the keyboard. Release the C key when you 
see the Apple logo. 

If the target server has an external FireWire DVD drive, restart the computer while 
holding down the Option key, select the icon representing the Mac OS X Server Install 
Disc, and then click the Arrow button. 

On an administrator computer, open Server Assistant, select “Install Mac OS X Server on 
a remote computer,” and click Continue. 

Server Assistant is located in /Applications/Server/. You can use Server Assistant 
without an administrator account. 

In the Destination pane, identify the target server and select it in the list. 

You can identify a server by its IP address, DNS name, or MAC address (also called the 
Ethernet address or hardware address). 
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For servers that Server Assistant finds on the local network (IP subnet), the IP address 
may be assigned automatically by a DHCP server on the network. If no DHCP server 
exists, the target server uses a 169.254.xxx.xxx address unique among servers on the 
local network. Later, when you set up the server, you can change the IP address. 

If the server you want isn’t listed, you can click Refresh List to have Server Assistant look 
again for servers that are ready for installation on your local network. If the server you 
want is on a different local network, choose “Server at IP Address” from the “Install to” 
pop-up menu, and enter an IP address in IPv4 format (for example, 192.0.2.200). You 
can also choose “Server at DNS Name” and enter the server's DNS name. 

When prompted for a password, type the first 8 characters of the server's built-in 
hardware serial number. 

To find the serial number, look for a label on the server. Match the capitalization of the 
serial number when you type it. 

For a computer that has no built-in hardware serial number, use 12345678 as the 
password. 

Proceed through the Install Language, Important Info, and Software License panes, 
following the onscreen instructions. 

For information about settings in a Server Assistant pane, click the Help button in the 
pane. 

In the Volumes pane, select a target disk or partition, make sure it’s in the expected 
state, and click Continue. 


For information about the disk status icons, click the Help button in the Volumes pane. 
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8 If the volume you selected already has Mac OS X Server or Mac OS X installed, select an 
available option and then click OK. 


The options may include: 


* Erase using Mac OS X Extended (Journaled) format, then install: Completely erases the 
destination volume before installing a new copy of Mac OS X Server. 


Upgrade Mac OS X Server: This option is available only if the target volume has the 

latest update of Mac OS X Server v10.4 Tiger or has Mac OS X Server v10.3.9 Panther. 

You can upgrade this volume to an advanced configuration of Leopard Server 

without erasing the destination volume. For information, see Upgrading and 

Migrating (described in “Mac OS X Server Administration Guides” on page 144). 

9 After installation is complete, the target server restarts and you can continue using 
Server Assistant to set up the server remotely. 


For information, see Chapter 3, “Setting Up Mac OS X Server.” 


Instead of using Server Assistant on an administrator computer, you can remotely 
control installation by using screen sharing on a Mac with Mac OS X v10.5 Leopard or 
with Apple Remote Desktop (which you can purchase separately) on another Mac. For 
more information, see Server Administration (described in “Mac OS X Server 
Administration Guides” on page 144). 
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Setting Up Mac OS X Server 


Server Assistant leads you through setting up your server 
for the first time. 


Server Assistant opens automatically when you: 
* Finish installing Mac OS X Server version 10.5 Leopard 


¢ Start up a new server with Leopard Server preinstalled 


You can use Server Assistant: 

* Locally on the server 

* Remotely on an administrator computer to set up the server over the network 

For information about interactively setting up multiple servers or automatically setting 


up an advanced configuration, see Server Administration (described in “Mac OS X Server 
Administration Guides” on page 144). 
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Setting Up a Server Locally 
You can set up a new server or a computer with Mac OS X Server newly installed by 
using the server's keyboard, mouse, and display. 


To set up a server locally: 

Prepare for setup by filling out a printed copy of the /nstallation & Setup Worksheet. 

The Installation & Setup Worksheet is located on the Mac OS X Server Install Disc in the 

Documentation folder. 

If you have DHCP or DNS service provided by your ISP, Internet router, or other servers 

on your network, make sure they are set up for your new server and are running. 

If you want to set up your server as an Internet gateway, so the server shares an 

Internet connection with other computers on your network, make sure of the 

following: 

* One Ethernet port, or interface, connects to your DSL modem, cable modem, or other 
Internet source. The Internet interface must have a public IP address (not a private IP 
address like 10.0.1.1 or 192.168.1.1). 

« Another Ethernet port connects to your local network. 

During setup, you specify which port connects to the Internet. For example, if the 

server's built-in Ethernet port connects to the Internet, you would specify it as the 

Internet port. If your server has more than two Ethernet ports, you select at least one of 

them as a local network port. 

If the server is off, turn it on. 

When the server starts up, Server Assistant opens automatically. 

Proceed through the Server Assistant panes, following the onscreen instructions and 

entering the information you've recorded on the Installation & Setup Worksheet. 
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For information about settings in a Server Assistant pane, click the Help button in the 
pane. 


When server setup is complete, you can: 


* Take a few additional steps to keep your server secure. For information, see “Keeping 
Your Server Secure” and “Protecting the System Administrator (root) Account,” next. 


Use Software Update to install any available Mac OS X Server updates. For 
information, see “Keeping Leopard Server Up to Date” on page 54. 


Configure an AirPort Base Station or an Internet router so that users can access your 
server over the Internet. For information, see Appendix B, “Configuring an Internet 
Router.” 


Use Server Preferences to set up users and groups, customize services and system 
information, and monitor server activity. You can also use the Server Status widget 
with Dashboard to monitor your server. For information about these tasks, see 
Chapters 4 through 9 or open Server Preferences and then use the Help menu. 


Keeping Your Server Secure 

For security, you should create a standard user account after completing server setup. 
When you log in on the server, routinely use this standard account instead of an 
administrator account. Then use your administrator account with each application that 
requires administrator privileges. For example, use your administrator name and 
password with Server Preferences when you need to manage users, groups, or services. 


To create a standard user account, use the Accounts pane of System Preferences on the 
server. For information, open System Preferences and then use the Help menu. 
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Protecting the System Administrator (root) Account 

The administrator password you enter during setup is also used for the server's System 
Administrator user account, whose short name is root. The System Administrator (root) 
account can move or delete any file in the system, including system files not available 
to a server administrator account or any other user account. You don't need root user 
privileges to administer your server. 


Important: Protecting the root user password is very important, so it should not be the 
same as another account's password. 


After setting up the server, you should change the password of the root user account. 
For information about changing the root user's password, open Directory Utility (in 
/Applications/Utilities/) and then use the Help menu. 


Setting Up a Server Remotely 

If you have a new server or another computer with Mac OS X Server newly installed, 
you can set it up over the network by using Server Assistant on an administrator 
computer. The server you're setting up doesn’t need a keyboard or display. For 
information about administrator computers, see “Preparing an Administrator 
Computer” on page 36. 


To set up a remote server: 
Prepare for setup by filling out a printed copy of the /nstallation & Setup Worksheet. 


The Installation & Setup Worksheet is located on the Mac OS xX Server Install Disc in the 
Documentation folder. 
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2 If you have DHCP or DNS service provided by your ISP, Internet router, or other servers 


on you network, make sure they are set up for your new server and are running. 


If you want to set up your server as an Internet gateway, so the server shares an 
Internet connection with other computers on your network, make sure of the 
following: 


* One Ethernet port, or interface, connects to your DSL modem, cable modem, or other 
Internet source. The Internet interface must have a public IP address (not a private IP 
address like 10.0.1.1 or 192.168.1.1). 

* Another Ethernet port connects to your local network. 

During setup, you specify which port connects to the Internet. For example, if the 

server's built-in Ethernet port connects to the Internet, you would specify it as the 

Internet port. If your server has more than two Ethernet ports, you select at least one of 

them as a local network port. 

If the server is off, turn it on. 

When the server starts up, Server Assistant opens automatically and waits for remote 

setup to begin. 

On an administrator computer, open Server Assistant, select “Set up a remote server,” 

and click Continue. 

Server Assistant is located in /Applications/Server/. You can use Server Assistant 

without an administrator account on the local computer. 

In the Destination pane, type the preset password in the Password column for the 

server you want to set up, and then select the Apply checkbox. 
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If the server isn't listed, click Refresh List to have Server Assistant look again for servers 
that are ready to set up on your local network (IP subnet). If the server you want is on a 
different local network, click the Add (+) button and enter its IP address or DNS name. 


The preset password consists of the first 8 characters of the computer's built-in 
hardware serial number, which is located on a label on the computer. Match the 
capitalization of the serial number when you type it. For a computer that has no built- 
in hardware serial number, use 12345678 as the password. 

Click Continue and proceed through the Server Assistant panes, following the onscreen 
instructions and entering the information you've recorded on the Installation & Setup 
Worksheet. 


For information about settings in Server Assistant, click the Help button in any pane. 


When server setup is complete, you can: 

* Take a few steps to keep your server secure. For information, see “Keeping Your 
Server Secure” on page 43 and “Protecting the System Administrator (root) Account" 
on page 44. 


Use Software Update to install any available Mac OS X Server updates. For 
information, see “Keeping Leopard Server Up to Date” on page 54. 


Configure an AirPort Base Station or an Internet router so that users can access your 
server over the Internet. For information, see Appendix B, “Configuring an Internet 
Router.” 


Use Server Preferences to set up users and groups, customize services and system 
information, and monitor server activity. You can also use the Server Status widget 
with Dashboard to monitor your server. For information about these tasks, see 
Chapters 4 through 9 or open Server Preferences and then use the Help menu. 
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Managing Your Server 


Use the Server Status widget, Server Preferences, Time 
Machine, and Software Update to check status, change 
settings, back up and restore, and update server software. 


Check status with Server Preferences or the Server Status widget. Find and change 
server settings with Server Preferences. Use Server Preferences and the Server Status 
widget on the server itself or over the network from any Mac with Leopard. Set Time 
Machine preferences to back up the server, and restore using the Time Machine 
application or the Installer. Keep the server software current with Software Update. 


Using Server Preferences 

With Server Preferences, you can check the status of services and change their settings. 
You use Server Preferences to manage various aspects of a standard or workgroup 
configuration of Leopard Server, such as who can use its services, how its services are 
configured, or what its status is. 
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When you open Server Preferences, individual preferences are grouped in the 
categories described below. 


* Accounts: Manage users and groups. 


* Services: Customize settings for file sharing, iCal calendar service, iChat instant 
messaging service, mail service, web services, and VPN remote access service. 


* System: Check server information, service logs, graphs of server activity, and firewall 
settings. 

To manage a standard or workgroup server: 

Open Server Preferences. 

Server Preferences is located in /Applications/Server/. 


lf Server Preferences asks you for Server, User Name, and Password, enter the server's 
DNS name or IP address, the name of an administrator user account on the server, and 
the password for the administrator account. 


The account you created when you set up the server is an administrator account. 
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Using the Server Status Widget 
You can use the Server Status widget to monitor the status of Mac OS X Server either 
on the server itself or from another computer with Mac OS X Server or Mac OS X. 


myserver.example.com myserver.example.com myserver.example.com ¢ 


Server 


HMy-Serveriocai | Server toca! 


User Name 


Password 


To use the Server Status widget: 
Open Dashboard, click its Open (+) button, and then click or drag the Server Status 
widget from the widget bar. 


You can open Dashboard by clicking its icon in the Dock or pressing its keyboard 
shortcut, which is usually the F12 key. 


Enter the server's DNS name or IP address, an administrator name and password, and 
then click Done. 


When the Server Status widget is connected to a server, it displays the server's DNS 
name and status information about the server and its services. 


Monitor processor utilization, network load, or disk usage by clicking an icon below the 
graph. 

Change the processor or network graph’s time period to one hour, day, or week by 
clicking the graph. 
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If your server has more than one disk, you can see the status of each disk in turn by 
clicking the disk usage graph. 

Check the status indicator and current number of connections for the listed services. A 
green indicator means the service is running. 

Open the Server Preferences pane for a listed service by clicking the service in the 
widget. 

Connect to a different server by moving the mouse to the upper left corner of the 
widget and clicking the small Info (i) button. 


You can open another Server Status widget to see more than one aspect of a server's 
status at once or to monitor another server on the network. 


The Server Status widget requires Mac OS X Server version 10.5 Leopard or Mac OS X 
v10.5 Leopard. 


For information about widgets and Dashboard, switch to the Finder and then use the 
Help menu. 


You can also see graphs of server activity using Server Preferences. For information, see 
“Monitoring Server Graphs” on page 141. 
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Finding Settings in Server Preferences 

Server Preferences contains dozens of settings you can change to customize your 
computer. You can quickly search Server Preferences to find the specific setting you 
want. 


To find settings in Server Preferences: 
Open Server Preferences. 


In the search box, type a word or phrase that describes what you want to change. For 
example, if you want to add members to a group, type “group members.” 


As you type, you see possible matches to what you're typing below the search box. 
When you see what you're looking for in the search results list, stop typing. One or 
more preferences are spotlighted in the Server Preferences window. 

Click the item in the list that matches what you want to change. In the pane that 
opens, you can change the settings for that item. 


Connecting Server Preferences to a Remote Server 
You can connect Server Preferences to a server over the network and manage users, 
groups, services, and system information remotely. 


To manage a Server remotely: 

Open Server Preferences on an administrator computer and choose Connection > New 
Connection. 

For information about administrator computers, see “Preparing an Administrator 
Computer” on page 36. 
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2 Enter the remote server's DNS name or IP address and the name and password of an 
administrator account on the remote server. 


When Server Preferences is connected to a remote server, the server's name or IP 
address is displayed in the title bar of the Server Preferences window. 


To reconnect to a server you have connected to recently, choose Connection > Open 
Recent Connection, and then choose the server you want. 


You can connect Server Preferences to standard and workgroup configurations of 
Leopard Server, but not to an advanced configuration of Leopard Server or an earlier 
version of Mac OS X Server. 


Closing a Server Preferences Connection 

For security, you should close a Server Preferences window when you are not actively 
using it to manage the server's users, groups, services, or system information. Leaving a 
server connection open on an unattended server makes it easier for an unauthorized 
person to make changes to users, groups, or services. 


Here are ways you can close a Server Preferences connection: 
= Close the Server Preferences window. 
=® Choose Connection > Close. 
= Quit Server Preferences. 


If you close the only open Server Preferences window, Server Preferences quits 
automatically. 
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Backing Up and Restoring the Server 

You can back up server files automatically using Time Machine. It's a comprehensive 
backup solution for the system. It automatically makes a complete backup of all files on 
the system to either a locally attached external hard drive or a remote network file 
system. It also keeps track as files are created, updated, or deleted over time. Time 
Machine backs up the changes and creates a history of the file system that you can 
navigate by date. You can use its intuitive time-based visual browser to search back 
through time to find and restore any files that were backed up. 


You can set up a list of folders and disks that you want excluded from backup. Time 
Machine automatically excludes temporary and cache files located in /tmp/, /Library/ 
Logs/, /Library/Caches/, and /Users/username/Library/Caches/. 


You set backup options in the Time Machine pane of System Preferences. You use the 
Time Machine application to restore files. You can also restore the entire system to a 
previous state using the Installer. For information about backing up and restoring with 
Time Machine or the Installer, open System Preferences and then use the Help menu. 


Note: You can restore a standard or workgroup configuration from a Time Machine 
backup, but may not be able to completely restore advanced settings changed with 
Server Admin. 
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Keeping Leopard Server Up to Date 

When your server is connected to the Internet, Software Update can automatically get 
the latest free Leopard Server version, security updates, and other enhancements from 
Apple. Your server is set to check automatically for updates once a week, but you can 
set it to check daily or monthly. You can also check now. 


Ce) CV 


{ Scheduled: Check installed Updates 


Software Update checks for new ard updated versions of your software 
based on information about your computer and current software, 


Last check Software Update ran successfully 
Sunday, july 1, 2007 9.43 PM 


f4 Check for updates © Weekly gd 


__' Download important updates automatically 


You will be notified when the updates are ready to be instalied ~~ 


To check for updates or adjust automatic updating: 
Open System Preferences. 


Click the Software Update Icon and follow the onscreen instructions. 


lf your organization has another server with Mac OS X Server, your server may get 
software updates from it rather than from Apple. An expert administrator can set up 
Mac OS X Server to provide software update service by using Server Admin. 


You can also download software updates directly from the Apple Downloads website: 


www.apple.com/support/downloads 
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Managing Users 


Create or import user accounts, change their settings, 
or delete them in the Users pane of Server Preferences. 


In the Users pane, you set up accounts for people who use the services that this server 
provides, and you control which services they can access. You can update their contact 
information and change their group memberships. You can also edit the email 
messages that can be sent to new users. For information about the settings and 
controls in this pane, click the Help button in the lower-right corner of the Server 
Preferences window. 


Q Name: Bill James 


g ian Chaves ( Reset Password... ) 
A Maria Ruiz 
| R Mei Chen 
9 Ravi Patel 
y Server Administ 
2 Tom Clark {— Allow user to administer this server 
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About User Accounts 

User accounts on your server allow users to gain access to services provided by the 
server. A user account contains the information needed to prove the user's identity for 
all services that require authentication. A user account also provides a centralized place 
to store a user's contact information and other data. 


Each user account can provide an email address, iChat instant messaging address, 
personal calendar, and VPN remote access to your server. Users can also be members 
of groups, authorizing them to access group resources such as a shared group folder, 
group website, and group calendar. Of course, if any of these services is turned off, 
then users don't have access to it. 


You can add new user accounts in the Users pane of Server Preferences by: 
* Creating new accounts 


* Importing existing accounts, if your organization has a directory server and your 
server is connected to it 


You can import user accounts individually. You can also automatically import all user 
accounts that are members of a group. 


New user accounts you create are stored in your server's directory. Imported user 
accounts remain in your organization's directory server. You can supplement imported 
accounts with contact information, group membership information, and so forth. The 
supplemental information is stored in your server's directory. When someone uses an 
imported user account, your server automatically combines the account information 
stored in the directory server with supplemental account information stored in your 
server's directory. 
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You can use Server Preferences to edit user accounts created on your server. Users can 
also edit their own accounts using the Directory application. 


If your server has imported user accounts, you can use Server Preferences to edit an 
account's supplemental information in your server's directory, but not the account 
information in your organization's directory. An administrator of that directory can edit 
its account information using tools for the directory server. 


Users who have administrator privileges on their own computers can create /ocal user 
accounts with the Accounts pane of System Preferences. These local user accounts are 
stored on the user's computer. Local user accounts have home folders on the computer 
and can be used for logging in to the computer. Local user accounts can’t be used to 
access the server over the network. 


Because your server is also a Mac OS X computer, it has local accounts in addition to 
server accounts and possibly imported accounts. Your server's local accounts can be 
used to log in to it, and a local account with administrator privileges can be used to 
administer the server. For information about administrator privileges, see “About 
Administrator Accounts,” next. 
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The following table summarizes the key differences between server accounts, imported 
accounts, and local accounts. 


Account type Stored in Created by Used for 
Server accounts Your server's directory You (a server Group membership, 
administrator), using contact information, 
Server Preferences authenticating for 
services 
Imported accounts Your organization's Directory server's Group membership, 
directory server, with administrator contact information, 
supplements in your authenticating for 
server's directory services 
Local accounts Each Mac OS X A user with an Home folders, logging 
computer administrator account — in to the computer 


on the computer, 
using Accounts 
preferences 


About Administrator Accounts 

You need an administrator account on your server to create other user accounts, 
create groups, change server settings, and perform other tasks using Server 
Preferences. With an administrator account, you can also make changes to locked 
preferences in System Preferences, install software on the server, and perform other 
tasks that standard users can't. 
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Your server has two administrator accounts after you finish the initial setup process 
described in Chapter 3. The primary administrator account is the one whose name and 
password you entered while setting up the server. The other administrator account also 
has the password you entered, but its name is Local Administrator, and its short name 
is localadmin. The table below summarizes their similarities and differences. 


The primary administrator account is in your server's directory together with other user 
accounts you create using the Users pane of Server Preferences. You can use this 
administrator account on the server itself, and you can use it to manage your server 
over the network from another Mac. 


The Local Administrator account is stored on the server, not in its directory, together 
with any user accounts you might create using the Accounts pane of System 
Preferences. You can use the Local Administrator account to log in on the server and 
use Server Preferences on the server in the event of a malfunction that makes the other 
administrator account unusable. 


Primary administrator Local administrator 
Name and short name Specified during setup Local Administrator and 
localadmin 
Password Specified during setup Specified during setup 
Stored in the server's directory Yes No 
Can be used from an Yes No 


administrator computer 
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When you create a new user account, you specify whether the user is an administrator 
or a standard user. You can also make an imported user account a server administrator. 
If you don't want a user to be able to use Server Preferences or install software on the 
server, don't make the user an administrator. 


To keep your computer secure, don’t share an administrator name and password with 
anyone. Be sure to log out when you leave your computer, or set up a locked screen 
saver using the Screen Saver pane and Security pane of System Preferences. If you 
leave your computer while you're logged in and the screen is unlocked, someone could 
sit down at your computer while you're away and make changes using your 
administrator privileges. 


For added security, routinely log in on the server using a standard user account. Use 
your administrator name and password when you open Server Preferences or other 
application that requires administrator privileges. 


Never set an administrator to be automatically logged in when the server starts up. If 
you do, someone can simply restart the server to gain access as an administrator. 


Adding a User Account 

You can add an individual user account for each person who uses the services provided 
by your server. Your server gives each user account a separate email address, iChat 
address, and personal calendar. User accounts can also have access to the server's 
shared files and shared websites, and they can use VPN to access the server remotely. 
Availability of each service is subject to the service being turned on, and you can 
separately control each user account's access to services. 
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To add a new user account: 
Click the Add (+) button in the Users pane of Server Preferences. 


If you see a pop-up menu, choose one of the commands: 


Import User From Directory: You can import users’ existing accounts from your 
organization's directory server. For information about doing this, see “Importing Users” 
on page 62. 

Create New User: You generally add new users from your organization's directory server 


if possible, but you can also create new user accounts in your server's directory. To do 
this, continue with step 3. 

If you don’t see a pop-up menu when you click the Add (+) button, your server isn’t 
connected to a directory server. Continue with step 3 to create a user account in your 
server's directory. 

Enter the user’s name. 

The name can be as long as 255 characters (from 255 Roman characters to as few as 85 
Japanese characters). It can include spaces. 

If you don't want to use the short name generated automatically, type a new short 
name. (Once the account is created, you won't be able to change the short name.) 

The short name typically is eight or fewer characters, but can be as long as 255 Roman 
characters. Use only the characters a through z, A through Z, 0 through 9, 

_ (underscore), or - (hyphen). 


Note: If the user whose account you're creating already has a Mac set up, try to use the 
same short name for the user's account on the server. Having the same short name will 
facilitate logging in for services. 
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5 Enter the user's password in the Password and Verify fields. 


You can use Password Assistant to help you choose a new password. Click the Key 
button to the right of the Password field to see how secure the new password is. 


Select “Allow user to administer this computer” if this user account needs to create 
other user accounts, create groups, install software on the server, or change server 
settings. 


Importing Users 

If your server is connected to your organization's directory server, you can import users’ 
existing accounts. Your server gives each imported user account a separate iChat 
address and personal calendar. Imported user accounts can also have access to the 
server's shared files and shared websites. If your server's mail service and VPN service 
are turned on, imported user accounts get email addresses and can use VPN to access 
the server remotely. Access to each service is subject to the service being turned on, 
and you can separately control each imported user account's access to services. 


To import a user account: 

Before importing a user account, be sure the invitation email is worded to suit your 
needs. 

For information, see “Customizing the Server Invitation Email” on page 75. 

In the Users pane of Server Preferences, click the Add (+) button and choose “Import 
User From Directory” from the pop-up menu. 


If you don’t see a pop-up menu when you click Add (+), your server isn’t connected to 
a directory server in your organization. See “Connecting to a Directory Server” on 
page 135. 
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If your organization doesn't have a directory server (apart from your server), you can 
create new user accounts. For information about creating new user accounts, see 
“Adding a User Account” on page 60. 


Select a user account from the list of accounts on your organization's directory server, 
optionally select “Send imported users an email invitation,” and then click Import. 


When you're finished importing user accounts, click Done. 


User accounts you import using this procedure are listed as “Imported” in the Users 
pane. 


Instead of importing user accounts individually using this procedure, you can import 
user accounts automatically from groups. For information about how to do this, see the 
next section. 


Importing Groups of Users Automatically 

If your server is connected to your organization's directory server, you can import 
groups of existing user accounts. If you import a group, your server automatically 
imports user accounts for all group members. Your server periodically checks with your 
organization's directory server for changes in each imported group’s membership, and 
automatically adds and removes imported user accounts as users are added to or 
removed from an imported group. 
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Your server gives each imported user account a separate iChat address and personal 
calendar. Imported user accounts can also have access to the server's shared files and 
shared websites. If your server's mail service and VPN service are turned on, imported 
user accounts get email addresses and can use VPN to access the server remotely. 
Access to each service is subject to the service being turned on, and you can separately 
control each imported user account's access to services. 


To import user accounts automatically from groups: 

Before importing user accounts from groups, be sure the invitation email is worded to 
suit your needs. 

For information, see “Customizing the Server Invitation Email” on page 75. 

In the Users pane of Server Preferences, click the Action (gear) button and choose 
“Import Users From Groups” from the pop-up menu. 

If the Action pop-up menu doesn't include this option, your server isn’t connected to a 
directory server. See “Connecting to a Directory Server” on page 135. 

If your organization doesn't have a directory server (apart from your server), you can 
create new user accounts. For information about creating new user accounts, see 
“Adding a User Account” on page 60. 
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3 Change the list on the right so it contains the groups whose members you want to 
import automatically. 


Add an available group by selecting it in the list on the left and clicking Add. 

Remove a group to import by selecting it in the list on the right and clicking Remove. 
4 Optionally select “Send new imported users an email invitation.” 
5 When you'r satisfied with the list of groups to import, click Save. 


User accounts that are imported automatically from groups are listed as “Automatic” in 
the Users pane. 


You can also import user accounts individually. For information about how to do this, 
see “Importing Users” on page 62. 


Deleting a User Account 

You can use Server Preferences to delete user accounts that are no longer needed for 
your server. Deleting a user account cancels its group memberships and stops it from 
being an automatic iChat buddy. Deleting a user account also deletes the mail the user 
has stored on the server and makes the user's personal calendar inaccessible. 


To delete a user account: 
1 In the Users pane of Server Preferences, select the user account you want to change in 
the list on the left. 


2 Click the Delete (—) button. 
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Changing a User’s Account Settings 
Change a user's name, password, picture, or administrator privilege by clicking Account 
in the Users pane of Server Preferences. 
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To change account settings for a user: 

In the Users pane of Server Preferences, select the user account you want to change in 
the list on the left. 

Click Account, and then change any available setting, using the following information 
as a guide: 

Name: Enter the user’s name. It can be used with the password to authenticate for 
services. 


Short Name: This is an abbreviation of the user’s name. It’s used for the user’s email 


and iChat addresses. It can also be used with the password to authenticate for services. 


It can't be changed after the account is created. 


Reset Password: Click to reset the password. The password can't be changed for a user 
account that’s imported from a directory server. 


Picture: Click to set the user's picture by choosing a picture, taking a picture with an 
attached camera, or applying a visual effect. 


Allow user to administer this server: \f selected, this user account can manage users, 
groups, and services with Server Preferences. 


If settings besides the short name are dimmed in the Account pane, you can't change 
them because they are stored the directory server that your server is connected to. 


Users with Leopard can change their own account information using the Directory 
application. 
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Changing a User's Contact Info 

Change a user's first and last names, address, email and chat addresses, website 
address, and blog address by clicking Contact Info in the Users pane of Server 
Preferences. 
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To change contact information for a user: 
In the Users pane of Server Preferences, select the user account you want to change in 
the list on the left. 


Click Contact Info, and then change any available setting, using the following 
information as a guide: 


Name: The user's first name and last name. 

Address: The user's postal address. 

Contact: The user's instant messaging addresses and email addresses. 
¢ To add an address, click the Add (+) button. 

* To remove an address, select it and click the Delete (—) button. 
Website: The user's personal website address, beginning with http://. 
Weblog: The user's personal blog address, beginning with http://. 


If some settings in the Contact Info pane are dimmed, you can't change them because 
they are stored in the directory server that your server is connected to. 


Users with Leopard can change their own contact info using the Directory application. 
For information, see “Working with Directory Information on Leopard Users’ Macs” on 
page 90. 


Controlling a User’s Access to Services 
Control a user's access to individual services by clicking Services in the Users pane of 
Server Preferences. 
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To change service access settings for a user: 
1 In the Users pane of Server Preferences, select the user account you want to control in 
the list on the left. 


2 Click Services, and then select the services that you want to let the user access. 
Deselect the services you don’t want the user to access. 


Changing a User’s Group Membership 
Make a user a member of a group or remove a user from a group by clicking Groups in 
the Users pane. 
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To change group membership for a user: 
In the Users pane of Server Preferences, select the user account you want to change in 
the list on the left. 


Click Groups, and then click Edit Membership. 


Select the checkbox next to each group you want the user to be a member of. Deselect 
the checkbox next to each group you don't want the user to be a member of. 

When you finish making changes, click Edit Membership again to display a static list of 
groups that the user belongs to. 


For information about adding, removing, or configuring groups, see Chapter 7, 
“Managing Groups.” 


Changing a User’s Name or Password 
You can use Server Preferences to change the name or password for a standard user 
account or an administrator account. 


To change a user account’s name or password: 
In the Users pane of Server Preferences, select a standard or administrator user account 
you want to change in the list on the left, and then click Account. 


lf you want to change the name, edit the Name field. 


The name can be as long as 255 characters (from 255 Roman characters to as few as 85 
Japanese characters). It can include spaces. 


You can't change a user account's short name using Server Preferences. 


If you want to change the password, click Reset Password, enter the new password in 
the New Password and Verify fields, and click Change Password. 
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You can use Password Assistant to help you choose a new password. Click the Key 
button to the right of the New Password field to see how secure the new password is. 


Users with Leopard can change their name and password using the Directory 
application. Users can change their passwords when authenticating for file sharing. 


If your server has imported user accounts, or user accounts imported automatically 
from groups, their names or passwords can be changed by an administrator of the 
directory server where the accounts are stored. If that directory server is a standard 
configuration of Mac OS X Server and you are an administrator of it, you can connect 
Server Preferences to it remotely and then make the changes. For information about 
how to connect remotely, see “Connecting Server Preferences to a Remote Server” on 
page 51. 


If your server's imported user accounts are stored on an advanced configuration of 
Mac OS X Server, the directory administrator can use Workgroup Manager to change 
the account name and password. For information about using Workgroup Manager, 
open it and then use the Help menu. 


To change the password or other attributes of the Local Administrator account, use the 
Accounts pane of System Preferences after setting up the server. For information about 
changing local accounts, open System Preferences and then use the Help menu. 


To change the password of the System Administrator (root) account, use the Directory 
Utility application after setting up the server. For information about using Directory 
Utility, open it and then use the Help menu. 
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Changing a User's Picture 

You can use Server Preferences to change the picture for a standard user account or an 
administrator account. If your server has imported user accounts or user accounts 
imported automatically from groups, you can change their pictures unless the pictures 
were set on your organization's directory server. 


To change the picture for a user account: 
In the Users pane of Server Preferences, select a user account you want to change in 
the list on the left, and then click Account. 


To use an included picture, click the picture field and choose a picture from the pop-up 
menu. 


To edit the picture or use a one from a camera or a file, click the picture field, choose 
Edit Picture from the pop-up menu, make changes to the picture as desired, and then 
click Set or Cancel. 


To choose a picture you've used recently, click Recent Pictures. 
To move the picture, drag it up, down, or sideways. 
To crop the picture, drag the slider. 


To capture a new picture using a video camera attached to the computer, click the 
Camera button. 


To apply a visual effect, click the Visual Effects (grid) button, scroll through the available 
effects, and select the effect you want. 


To use a picture file, click Choose. 
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Users with Leopard can change their own pictures using the Directory application. For 
information, see “Working with Directory Information on Leopard Users’ Macs” on 
page 90. 


Customizing the Welcome Email 

You can use Server Preferences to add your name, email address, and a personal 
introduction to the standard email message that your server sends to tell new users 
about its services. The standard message specifies the server's DNS name and the 
recipient's email address, and it explains the services that the server provides. The 
standard message also includes links to available file sharing and web services. 


The server sends the email automatically when you add a new user account. However, 
your server doesn't send the email if its mail service is stopped when you add new user 
accounts. 


To customize the email sent to newly added user accounts: 
In the Users pane of Server Preferences, click the Action (gear) button and choose 
“Email Message Settings” from the pop-up menu. 


Enter the sender's name and email address in the Admin Full Name and Admin Email 
fields. 

Optionally enter a personal message in the Welcome field. 

You can use the message to introduce yourself, so recipients know the email is 
genuine. Example: Hi, I’m the administrator for our server, myserver.example.com. If 
you need help getting services from it, please don't hesitate to send me an email or call 
me at 310-555-4357, —Bill 
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Users receive the welcome email when they start using their email accounts. They see 
your name and message in a boxed section set apart from the standard message text 
that the server generates. 


Customizing the Server Invitation Email 

You can use Server Preferences to add your name, email address, and a personal 
introduction to the standard email message that your server can send to tell newly 
imported users how to get its services. The standard message specifies the server’s DNS 
name, and it explains the services that the server provides. Recipients who have 

Mac OS X v10.5 Leopard can click a button in the email to automatically set up their 
Macs to get services from your server. The standard message also includes links to 
available file sharing and web services. 


You can select an option to send the email when you import users or a group of users. 
The server sends the invitation to email addresses that already exist in the imported 
user accounts. The server doesn't send the invitation to an imported user account that 
doesn't contain an email address. 


To customize the email sent to newly imported user accounts: 
In the Users pane of Server Preferences, click the Action (gear) button and choose 
“Email Message Settings” from the pop-up menu. 


Enter the sender’s name and email address in the Admin Full Name and Admin Email 
fields. 


Optionally enter a personal message in the Invitation field. 


If you don't see an Invitation field, your server isn’t connected to a directory server. See 
“Connecting to a Directory Server” on page 135. 
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You can use the message to introduce yourself, so recipients know the email is 
genuine. Example: Hi, I'm the administrator for our server, myserver.example.com. If 
you need help setting up your computer to get services from it, please don't hesitate to 
send me an email or call me at 310-555-4357. —Bill 


Recipients see your name and message in a boxed section set apart from the standard 
message text that the server generates. 


Customizing the Group Invitation Email 

You can use Server Preferences to add your name, email address, and a personal 
introduction to the standard email message that your server can send to tell new 
external members of a group how to use the group's services. The standard message 
specifies the group name and the server's DNS name, and it explains the services that 
the server provides. The standard message also includes links to available file sharing 
and group services. 


You can select an option to send the email when you add users or groups from your 
organization's directory server as external members of a group on your server. The 
server sends the invitation to email addresses that already exist in each new external 
member's user account. The server doesn’t sent the invitation to a new external 
member whose user account doesn't contain an email address. 
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To customize the email sent to new external members of a group: 

In the Users pane of Server Preferences, click the Action (gear) button and choose 
“Email Message Settings” from the pop-up menu. 

Enter the sender's name and email address in the Admin Full Name and Admin Email 
fields. 


Optionally enter a personal message in the Group Invitation field. 


If you don't see the Group Invitation field, your server isn’t connected to a directory 
server. See “Connecting to a Directory Server” on page 135. 

You can use the message to introduce yourself, so recipients know the email is 
genuine. Example: Hi, I’m the administrator for the server myserver.example.com, 
which provides services for the group. If you need help getting group services from the 
server, please don't hesitate to send me an email or call me at 310-555-4357. —Bill 


Recipients see your name and message in a boxed section set apart from the standard 
message text that the server generates. 
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Managing Users’ Computers 


Learn how to help users set up their computers to use the 
services you server provides. 


Users need to set up their computers to get services from your server. Users with 
Mac OS X version 10.5 Leopard can have their computers set up automatically. Users 
with earlier Mac OS X versions or Windows need to set up their computers manually. 


Users whose Macs have Leopard and are connected to your server can use the 
Directory application to share contacts, add groups, set up group services, and manage 
their own contact information. 


Setting Up Leopard Users’ Macs Automatically 

Users who have Mac OS X v10.5 Leopard can automatically set up their Macs to get 
services from your server. The procedure is different for three types of Leopard users, as 
explained in the following table. 
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Automatic setup for Begins after users For information, see 


New users of Leopard (with a Complete the “Connect to “Setting Up Services for New 
new Mac or Leopard newly Mac OS X Server” pane during — Leopard Users,” next 
installed) if your server is a Leopard setup 

standard configuration 

Current users of Leopard Click the button in the “Setting Up Leopard Users 
whose accounts you import invitation email they receive with an Invitation Email” on 
from a directory server page 84 

Current users of Leopard Open the Directory Utility “Setting Up a Mac by Using 
whose accounts you create on —_ application (or after it opens Directory Utility” on page 85 
the server automatically) 


After a user finishes one of the automatic setup procedures, the user is ready to access 
services as shown in the table on the next page. (Of course, the user can only access 
services that are turned on.) 


The user's local account is tied to the user’s server account, and the local account is 

labeled “Managed” in the Accounts pane of System Preferences. Both accounts have 

the same password. 

+ If the user's server account is new, its password is changed to the password from the 
user's existing local account. 

* If the user’s server account is imported from an existing account in a directory server, 
this account's password replaces the user's local account password. 
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If the user changes the password in the Accounts pane of System Preferences, the 
server account password will change to match. 


If a user’s accounts were created with different user names, the user can change the 
long name of the local account by using the Accounts pane of System Preferences. The 
user can also use the Directory application to change the long name of the server 
account. 


For information about local, server, and imported user accounts, see “About User 
Accounts” on page 56. 


Address Book Other users’ contact information 

Directory User, group, and resource information 

Finder Shared folders 

iCal User's personal calendar and group calendar 

iChat User's Jabber account and buddy list 

Mail User's email account and other users’ email addresses 
Safari Server website: http://myserver.example.com 


Group wikis: http://myserver.example.com/groups 
User blogs: http://myserver.example.com/users 
Webmail: http://myserver.example.com/webmail 


Network preferences VPN connection 
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Setting Up Services for New Leopard Users 

During initial setup of a new Mac or a Mac with Mac OS X v10.5 Leopard newly 
installed, the “Connect to Mac OS X Server” pane lets the user choose your server if it 
has a standard configuration of Leopard Server and the user has an account on it. (A 
server is a standard configuration if it doesn’t have imported user accounts and isn't 
connected to a directory server.) 


Connect to Mac OS X Server 


The following computers running Mac OS X Server have been found. 
You can set up this computer to use services from a Mac OS X Server 
on your network. 


i Use the following Mac OS X Server 


( My Server _—————_—— User chooses your 
Vi = server 
Name: Anne johnson ———_—_—————————— User specifies an 
Password: |s+eseee sia account on your 
server 


Continue ° 
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This pane appears only if the Mac detects a standard configuration of Leopard Server 
on the network. This pane doesn't allow a user to choose a workgroup configuration of 
Leopard Server. (A server is a workgroup configuration if it’s connected to a directory 
server. See “Connecting to a Directory Server” on page 136.) 


If the user completes this pane: 


* A local user account is created on the user’s Mac based on the specified account on 
the server. Both accounts have the same long name, short name, and password. 


* A home folder is set up on the user’s computer. 


* The user's computer is automatically connected to your server and configured to get 
services from it. For information about how the computer gets services, see “Setting 
Up Leopard Users’ Macs Automatically” on page 79. 


The user may be unable to complete the “Connect to Mac OS X Server” pane for several 
reasons. For example: 


¢ The user may not know your server's name or may not have a user account on the 
server. In these cases, the user can skip the “Connect to Mac OS X Server” pane by 
deselecting “Use the following Mac OS X Server.” 


¢ The user’s Mac may not be connected to the network during initial setup. In this case, 
the “Create Your Account” pane appears instead of the “Connect to Mac OS X Server” 
pane, and the user creates a new account not based on a server account. 


If the user doesn’t complete the “Connect to Mac OS X Server” pane for any reason, the 
user can finish initial setup and then configure the Mac to get services from your 
server. For information about how the user does this, see “Setting Up a Mac by Using 
Directory Utility” on page 85. 
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Setting Up Leopard Users with an Invitation Email 

If some users already have Mac OS X v10.5 Leopard set up and you import their user 
accounts from a directory server, you can have an email sent inviting them to join the 
server. Leopard users can click a button in the invitation email to begin using an 
assistant that connects their computers to the server and sets up their applications 

to get its services. For information about the assistant, see “Setting Up a Mac by Using 
Directory Utility,” next. 


Note: To receive an invitation email, an imported user must have an email address 

in the user's account on the directory server. Only users with imported user accounts 
receive the invitation email. Users with accounts you create on your server don't 
receive the invitation email. The next two sections describe how their computers 
get set up. 


When Leopard users click the button in the invitation email to use the assistant, it 
checks the server for a user account with a long name or short name that matches the 
local user account that’s currently logged in on the user's computer. If the assistant 
finds a match, it asks whether the user wants to tie the local account to the server 
account. If the user agrees, the local account is changed to use the password from the 
account on the server. The user's home folder remains on the user’s computer. 


The user chooses whether to have applications set up to get services from the server. 
For information about how applications are set up, see “Setting Up Leopard Users’ 
Macs Automatically” on page 79. 


For information about adding your name, email address, and a personal introduction to 
the standard message text that the server generates for the invitation email, see 
“Customizing the Server Invitation Email” on page 75. 
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Setting Up a Mac by Using Directory Utility 

If a Mac with Mac OS X v10.5 Leopard isn’t connected to a server yet, and Leopard 
detects your server on the network, Directory Utility opens automatically. It displays an 
assistant that connects the Mac to the server and sets up applications to use its 
services. The user can also open Directory Utility manually, and it will display the 
assistant if it detects your server. 


iE Rea 
“fntroduction 
The Mac OS X Server "My Group Server” can provide the following 


services. Would you like to set up your computer to use the offered 
services? } 


iChat 
Sets up 2 hat ac smut tor ¥ and populares yo 
i 2 File Sharing 
jj Adds shared disks to the Finder sidebar 
, iCal 
Le Creates a perkona Mendar 1 yOu on the server and ands it to iCal 


Web 


Gives You access to a group website with a wiki and 4 bieg 


{") Don't ask me about this server again ( Begin Setup } 

While using the assistant: 

* The user decides whether to set up the Mac to get services from your server. If 
Directory Utility discovers more than one server that can provide services, it lists the 
servers by computer name and IP address and the user has to know which server to 


choose. The list includes only servers with a standard or workgroup configuration of 
Leopard Server. 
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* The user enters the name and password of the user account on the server and the 
password of the local user account that's currently logged in on the user's computer. 
The password of the server account changes to the password of the local account. 
The user's home folder remains on the user's computer. 


« The user chooses whether to have applications set up to get services from the server. 
For information about how the applications get services, see “Setting Up Leopard 
Users’ Macs Automatically” on page 79. 


Setting Up Users’ Computers Manually 

Users who have Mac OS X v10.4 Tiger or earlier, or who are running Windows, can get 
services from your server by configuring their applications manually. They can use the 
settings in the following table, replacing the italicized placeholders with your server's 
DNS name and the user's short name. 


Application Settings 

Finder afp://myserver.example.com 
(File sharing) smb://myserver.example.com 
iChat Account type: Jabber 

(XMPP instant messaging application) Server: myserver.example.com 


Jabber ID: usershortname@myserver.example.com 
Authentication: Kerberos v5 preferred 
Port: 5223 
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Application Settings 
Mail Account type: IMAP or POP 
(Email application) Incoming mail server: myserver.example.com 


Outgoing mail server: myserver.example.com 
Email address: usershortname@myserver.example.com 
Authentication: Kerberos v5 preferred 


iCal Subscribe to: http://myserver.example.com:8008/ 
(CalDAV calendar application) principals/users/usershortname 
If the calendar application supports SSL, subscribe to: 
https://myserver.example.com:8443/principals/users/ 


usershortname 
Safari Website: http://myserver.example.com 
(Web browser) Group wikis: http://myserver.example.com/groups 


User blogs: http://myserver.example.com/users 
Webmail: http://myserver.example.com/webmail 


Internet Connect See “Setting Up a Mac User's VPN Connection,” next, 
(VPN connection) or “Setting Up a User’s VPN Connection Manually” on 
page 89 


Setting Up a Mac User’s VPN Connection 

You can use Server Preferences to generate a file that Mac users can open to create a 
VPN configuration automatically. Then a user can make a VPN connection to the server 
and its network via the Internet. The configuration file works with Mac OS X v10.3 or 
later. For information about generating the configuration file, see page 126. 


When you give Mac users a VPN configuration file you have generated, you can also 
give them the following instructions for using it. 
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Using a VPN Configuration File 

If you got a VPN configuration file from the person who manages your server, and you 
have Mac OS X version 10.3 or later, you can use the file to set up your computer for 
making VPN connections to the server. The configuration file contains all the 
information necessary to make a VPN connection to the server, except the name and 
password of your user account on the server. 


To import a VPN configuration from a file: 
1 Open the file and select VPN (L2TP) if asked where to put the imported 
configuration. 


2 Enter your user account name in the Account Name field. 


3 If the server administrator tells you to enter your user account password, enter it in 
the Password field. 


If you have Mac OS X v10.5 Leopard, click Authentication Settings to see the 
Password field. 


For security, the administrator may tell you not to enter your password now. 


4 Quit the application, and save or apply your changes when prompted. 


If you want to make a VPN connection from a network with a firewall, configure it to 
allow traffic on UDP ports 500 and 4500, and on IP protocol 50. 


If you didn't enter your password before saving the VPN configuration, you'll be asked 
to enter it each time you make a VPN connection to the server. 
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Setting Up a User's VPN Connection Manually 

Users may be unable to import VPN settings from a configuration file because they 

don't have the file or they have Windows computers, which can't use the file. These 

users Can manually set up their computers for a VPN connection to your server. They 

need to create a new VPN configuration and enter the following VPN connection 

settings: 

* VPN server or host: your server's DNS name or public IP address 

* VPN type: L2TP over IPSec 

* Shared secret (key) for IPSec: shown in the VPN pane of Server Preferences when you 
click Edit and select “Show shared secret” 

* Account name: the short name of the user’s account on your server 


* User password: the password of the user’s account on your server 


Users who want to make a VPN connection from a computer or network with a firewall 
need to configure the firewall to allow traffic on UDP ports 500 and 4500, and on IP 
protocol 50. 
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Working with Directory Information on Leopard Users’ Macs 
Users who have Mac OS X v10.5 Leopard can use the Directory application to view 
shared information about people, groups, locations, and resources. They can use 
Directory to share contacts, add and remove groups, change group membership, set 
up group services, and manage their own contact information. 
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When users look up information about other people, they'll see more than just contact 
information. Directory can display the picture a person has provided, list public groups 
the person belongs to, list the person’s manager and direct reports, and show a map 
that pinpoints the person's location. 


Directory works together with several Mac OS X applications. Users can create shared 
contacts from Address Book entries, click email addresses to send email using Mail, or 
visit group wiki websites in Safari. 


Directory shows users the records from your server's directory. If your server is 
connected to a directory server, Directory also shows its records. 


Note: Changes that users make with Directory show up in Server Preferences. To see 
the most recent changes made with Directory, you may need to choose View > Refresh 
in Server Preferences. 


For information about how to use Directory, open it and then use the Help menu. 
Directory is located in /Applications/Utilities/. 
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Managing Groups 


Use the Groups pane to add or delete groups, see and 
change group membership, or configure group services. 


In the Groups pane, you create groups, set up group services such as wikis and blogs, 
add and remove group members, and delete unneeded groups. For information about 
the settings and controls in this pane, click the Help button in the lower-right corner of 
the Server Preferences window. 


Group Name: Sales 


Short Name: sais 
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Creating a New Group 

You can create a new group whenever some server users need their own mailing list, 
shared group folder, wiki and blog, calendar, or mailing list archive. You select which of 
those services each group has. 


To create a new group: 

Click the Add (+) button in the Groups pane of Server Preferences. 

Enter a name for the group, optionally change the short name, and click Create Group. 
The group name can be as long as 255 characters (from 255 Roman characters to as 
few as 85 Japanese characters). It can include spaces. 

Once the account is created, you won't be able to change the short name. If you don't 
want to use the short name generated automatically, type a new short name. 

The short name typically is eight or fewer characters, but can be as long as 255 Roman 
characters. Use only the characters a through z, A through Z, 0 through 9, 

_ (underscore), or - (hyphen). 

Select the services you want this group to have. 

File sharing folder: A shared group folder is set up, and group members can get files 
from the shared group folder and put files in it. It's named after the group's short name 
and located on the server's startup disk at /Groups/. 

Mailing list: A group email address is set up using the group short name, and group 
members receive all mail sent to the group address. 
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Wiki and blog: Group members can view and contribute to the group wiki using their 
web browsers. 


Web calendar: Group members can check the group calendar and add events to it 
using their web browsers. 

Mailing list web archive: Group members can read archived email sent to the group 
email address. 

Add users to the group by clicking Members, and add users and groups from your 
organization’s directory server by clicking External Members. 

For instructions, see “Adding or Removing Members of a Group” on page 97 and 
“Adding or Removing External Members of a Group” on page 99. 

If you don't see an External Members tab (shown on page 99), your server isn't 
connected to a directory server. See “Connecting to a Directory Server” on page 135. 


To access group services, group members must authenticate using their user account 
name and password. Availability of group services is subject to file sharing service, iCal 
service, web services, and mail service being turned on. 


Users with Leopard can add groups using the Directory application. For information, 
see “Working with Directory Information on Leopard Users’ Macs” on page 90. 
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Deleting a Group 


You can use Server Preferences to delete groups that are no longer needed. 


To delete a group: 
In the Groups pane of Server Preferences, select the group you want to delete in the 
list on the left. 


Click the Delete (—) button. 
After you delete a group, the group's shared folder and website folder remain on the 
server's startup disk. The shared folder is located at /Groups/, and the group website 


folder is at /Library/Collaboration/Groups/. You can keep these folders or drag them to 
the Trash. 


Users with Leopard can remove groups using the Directory application. For 
instructions, users can open Directory and then use the Help menu. 
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Adding or Removing Members of a Group 

In the Groups pane, you can add or remove group members who are users you have 
created or imported in the Users pane. (To have imported users, your server must be 
connected to a directory server.) 
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Click the Edit Membership button to edit group membership. 
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To add or remove members of a group: 
In the Groups pane of Server Preferences, select the group you want to edit in the list 
on the left. 


Click Members, and then click Edit Membership. 


3 Select the checkbox next to each user you want to be a member of the group. Deselect 


the checkbox next to each user you don’t want to be a member. 


When you finish, click Edit Membership again to display a static list of group members. 


Users with Leopard can add and remove group members using the Directory 
application. For information, see “Working with Directory Information on Leopard 
Users’ Macs” on page 90. 


For information about adding, deleting, or configuring user accounts, see Chapter 5, 
“Managing Users.” 
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Adding or Removing External Members of a Group 

If your server is connected to a directory server, your group members can include users 
and group from the directory server. External members don’t have user accounts on 
your server, but they can use the group's wiki website. You use the Groups pane to add 
or remove external group members. 


-o-l Group Settings | Members External Members. | xte mberse | 


Add users and groups from an external directory server to 
provide them with access to this group's services. 
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To add or remove external group members: 
1 Before adding external group members, be sure the group invitation email is worded 
to suit your needs. 


For information, see “Customizing the Group Invitation Email” on page 76. 


2 In the Groups pane of Server Preferences, select the group you want to change in the 
list on the left, and click External Members. 


If you don't see an External Members tab, your server isn’t connected to a directory 
server. See “Connecting to a Directory Server” on page 135. 


3 To remove an external group member, select the member in the list on the right, and 
then click the Delete (—) button below the list. 


4 To add a group member, click the Add (+) button below the list of members. 


5 Select a prospective member from the list, optionally select “Send added users an email 
invitation,” and click Add to Group. 


To search for a user or group, type the first part of the name in the search box. 
To show or hide users and groups below a heading, click the triangle in the heading. 
6 When you finish adding members, click Done. 


For information about adding, deleting, or configuring user accounts, see Chapter 5, 
“Managing Users.” 
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Changing Group Settings 

Change a group's name or set up group services by clicking Groups in the Users pane 
of Server Preferences. Group services include a shared group folder, group mailing list, 
group website with wiki and blog, web calendar, and web mailing list archive. For 
information about the settings and controls in this pane, click the Help button in the 
lower-right corner of the Server Preferences window. 
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Changing a Group’s Name 
You can use Server Preferences to change the name of a group. 
To change a group's name: 


In the Groups pane of Server Preferences, select the group you want to change in the 
list on the left, and then click Group Settings. 


Edit the Group Name field. 


The name can be as long as 255 characters (from 255 Roman characters to as few as 85 
Japanese characters). It can include spaces. 


You can’t change a group's short name using Server Preferences. 


Setting Up a Group File Sharing Folder 

You can use Server Preferences to set up a shared folder for a group. Group members 
can get files from the shared group folder and put files in it. It's named using the 
group’s short name and is located on the server's startup disk at /Groups/. 


To set up a file sharing folder for a group: 
In the Groups pane of Server Preferences, select a group in the list on the left or create 
a new group, and then click Group Settings. 


For information, see “Creating a New Group” on page 94. 


Select “File sharing folder.” 
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3 Click Show All, click File Sharing, and make sure file sharing service is on and access to 


— 


the Groups shared folder is turned on. 


Group members authenticate using their user account name and password to access 
the group's shared folder. 


Setting Up a Group Mailing List 

You can use Server Preferences to set up a mailing list for a group. A group email 
address is set up using the group’s short name. The server takes mail sent to that 
address and delivers it to the email address of each member of the group. 


To set up a mailing list for a group: 
In the Groups pane of Server Preferences, select a group in the list on the left or create 
a new group, and then click Group Settings. 


2 Select “Mailing list.” 


3 Click Show All and make sure mail service is on. 


Setting Up a Group Wiki Website 

You can use Server Preferences to set up a group website with wiki, blog, optional 
calendar, and optional mailing list archive. Using their web browsers, group members 
can view and contribute to the group wiki and blog, check the group calendar and add 
events to it, and read archived email sent to the group email address. 
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To set up a wiki website for a group: 
In the Groups pane of Server Preferences, select a group in the list on the left or create 
a new group, and then click Group Settings. 


2 Select “Wiki and blog.” 


3 Select “Web calendar” if you want the group website to include a shared calendar of 


events. 

Select “Mailing list web archive” and “Mailing list” if you want the group website to 
include a group mailing list archive. 

Click Show All, click Web, and make sure web service is on and the “Enable group wikis” 
option is selected. 

lf you turned on the web calendar in step 3, click Show All and make sure iCal service is 
on. 

If you turned on the web mailing list web archive in step 4, click Show All and make 
sure mail service is on. 


i 


You can open the group wiki website by clicking the link arrow next to “Wiki and blog.’ 
You can open the group web calendar by clicking the link arrow next to “Web 
calendar.” 


For information about using the wiki, blog, calendar, and mailing list archive, see the 
built-in help on the group website. 


Group members can view their website at: 


http://serverDNSname/groups/groupshortname 
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Replace the italicized placeholders with the server's DNS name and the group short 
name. The server's DNS name is shown in the Information pane of Server Preferences. 


Group members log in using their user account name and password to access the 
group's wiki, blog, web calendar, or web mailing list archive. 


You can control access to group services by using the Directory application (located in 


/Applications/Utilities/). For information about using Directory, open it and use the 
Help menu. 


Setting Up a Group Calendar 

You can use Server Preferences to set up a group calendar as part of a group wiki 
website. Users can check the group calendar and add events to it using their web 
browsers. 


To set up a web calendar for a group with a wiki website: 
In the Groups pane of Server Preferences, click Group Settings and in the list on the 
left, select a group that has a wiki website. 


2 Select “Web calendar.” 


3 Click Show All, click iCal, and make sure iCal service is on. 


You can open the group web calendar by clicking the link arrow next to “Web 
calendar.” 


Group members can view their web calendar at: 


http://serverDNSname/groups/groupshortname/calendar 
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Replace the italicized placeholders with the server's DNS name and the group short 
name. The server's DNS name is shown in the Information pane of Server Preferences. 


Group members log in using their user account name and password to access the 
group's web calendar. 


Setting Up a Group Mailing List Archive 

You can use Server Preferences to set up a mailing list archive as part of a group wiki 
website. This service lets users read archived email sent to the group email address, 
using their web browsers. 


To set up a mailing list web archive: 
In the Groups pane of Server Preferences, click Group Settings and in the list on the 
left, select a group that has a wiki website. 


Select “Mailing list web archive” and “Mailing List.” 


3 Click Show All, click Mail, and make sure mail service is on. 


Group members can view their mailing list web archive at: 


http://serverDNSname/groups/groupshortname/mailinglist 


Replace the italicized placeholders with the server's DNS name and the group short 
name. The server's DNS name is shown in the Information pane of Server Preferences. 


Group members log in using their user account name and password to access the 
group mailing list web archive. 
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Customizing Services 


Use Server Preferences to change settings for file sharing, 
iCal, iChat, mail, web, and VPN services. 


Managing File Sharing Service 

Use the File Sharing pane to turn file sharing service on or off, or control access to 
the Groups and Public shared folders. You can also add your own shared folders, 
also known as share points, or delete them. For information about the settings and 
controls in this pane, click the Help button in the lower-right corner of the Server 
Preferences window. 
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About File Sharing Service 

Mac OS X Server file sharing service lets users access shared folders and store files on 
the server. They can use Macintosh, Windows, or UNIX computers to access their files 
and shared folders without special software, using native file protocols including AFP 
and SMB. Windows users see Mac OS X Server file servers in their Network Places, just 
like Windows file servers. 


Adding a Shared Folder 

You can add a shared folder for users to select when they connect to the server for file 
sharing. Mac users see the shared folder as a shared disk in the Finder. Windows users 
see the shared folder in Network Places. Shared folders are also called share points. 


To add a shared folder: 
lf you want to share a folder that doesn't exist yet, create it and name it in the Finder. 


In the File Sharing pane of Server Preferences, click the Add (+) button, choose the 
folder you want to share, and click Open. 


If you're using Server Preferences on the server, you can also drag a folder that you 
want to share from a Finder window to the list in the File Sharing pane. 


To allow users to access this shared folder without logging in, or change the list of 
users who can access this shared folder, click Edit Permissions. 


For instructions, see “Controlling Access to a Shared Folder” on page 109. 


If you want to set up a group file sharing folder, use the Groups pane of Server 
Preferences. Group file sharing folders are located in the /Groups/ shared folder. For 
information, see “Setting Up a Group File Sharing Folder” on page 102. 
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Removing a Shared Folder 

You can use Server Preferences to remove shared folders that you no longer want 
available for file sharing. When you remove a shared folder, the folder and its contents 
remain on the server's disk. 


To remove a shared folder: 
In the File Sharing pane of Server Preferences, select the shared folder you want to 
remove, and then click the Delete (—) button. 


Controlling Access to a Shared Folder 

You can enable or disable access to each shared folder listed in the File Sharing pane of 
Server Preferences. You can specify which users have read and write access to each 
shared folder and its contents: all users with accounts on your server or only users and 
groups you select. You can also choose whether guest access is on or off for each 
shared folder. Enabling access to a shared folder allows users to use the AFP and SMB 
file sharing protocols to access the folder. Guests can access a shared folder without 


logging in. 


To change settings for a shared folder: 
In the File Sharing pane of Server Preferences, locate the shared folder in the list. 


2 To enable access to a shared folder, select its checkbox. 


3 To give all users with accounts on your server read and write access to the shared 
folder and its contents, click Edit Permissions and select “All Registered Users.” 


To restrict read and write access to the shared folder and its contents, click Edit 
Permissions, select “Only these Registered Users and groups,” and select the checkbox 
next to each user and group you want to have read and write access. 
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If you give a group read and write access, all users who are members have read and 
write access even if their individual checkboxes are deselected. 


To allow guest users to read the contents of a shared folder, click Edit Permissions and 
select “Allow Guests read-only access.” Deselect this option to disallow guest access. 


If you enable access to a shared folder, users can access it with the most common file 
sharing protocols, AFP and SMB. 


You can also change access permissions for a shared folder or any item in it by using 
the Info window in the Finder. For information about setting permissions for folders 
and files, switch to the Finder and then use the Help menu. 


Finding a Server's File Sharing Address 
Users and optionally guests can connect to the server's shared folders using the AFP or 
SMB protocols at these addresses: 


¢ smb://serverDNSname 
* afp://serverDNSname 


Replace the italicized placeholder with your server’s DNS name, which is shown in the 
Information pane of Server Preferences. 


To access shared folders that don’t have guest access enabled, users must log in using 
the name and password of their user account on the server. After logging in, users 
have access to the shared folder of each group they belong to. If guest access is 
enabled for a shared folder, users can connect without logging in. For information, see 
“Controlling Access to a Shared Folder” on page 109. 
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Managing iCal Service 
Use the iCal pane to turn iCal calendar service on or off, limit file attachment size, or 
limit each user's total calendar data. 


r Limit each calendar event's size to: 
0) (3 MB 
Limit each user's total calendar size to: 


fe 
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To configure the iCal pane: 
=" Change any available setting, using the following information as a guide: 


On/Off indicates the status of iCal service, and clicking the On/Off switch turns the 
service on or off. 


Limit each calendar event's size to___ MB: Sets the maximum total size of an event, to-do 
item, or other calendar object, including the total size of all attached files. If a user tries 
to save a larger calendar object, the server sends an error message to the user's 
calendar application. 


Limit each user’s total calendar size to__ MB: Limits how much disk space a user’s 
events, to-do items, and other calendar data can use on the server. If a user exceeds 
this limit, the server sends an error message to the user’s calendar application. 
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About iCal Service 

The calendar service for Mac OS X Server, iCal Server, makes it easy for users to share 
calendars, schedule meetings, and coordinate events. Colleagues can quickly and easily 
check each other's availability, set up and propose meetings, book conference rooms, 
reserve projectors, and more. iCal Server sends the invitations, which can include 
information such as an agenda or to-do list, and tabulates replies. 


A computer with Mac OS X version 10.5 Leopard can have its iCal application 
automatically set up to use iCal Server. See “Setting Up Leopard Users’ Macs 
Automatically” on page 79. 


iCal server also works with other popular calendar applications that support the 
standard CalDAV protocol. 
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Managing iChat Service 

Use the iChat pane to turn iChat instant messaging service on or off, make all users 
buddies, enable chatting with other instant messaging systems, or set up logging and 
archiving of all chats. For information about the settings and controls in this pane, click 
the Help button in the lower-right corner of the Server Preferences window. 


fi Automatically make all users buddies 
1 Enable server-to-server communication 
(-) Log and archive all chats 


About iChat Service 

iChat service provides secure instant messaging (IM) for Macintosh, Windows, and 
Linux users. Team members can brainstorm solutions, make plans, exchange URLs, or 
transfer files without worrying about outsiders intercepting confidential information. 
iChat service provides text messaging between users or among multiple users. It also 
facilitates direct connections between users for audio, video, and multiway audio and 
video sessions. 
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Users’ iChat account information is stored on the server. Users may access their 
accounts from any Mac and see the same buddy lists, groups, and so forth. 


A computer with Mac OS X version 10.5 Leopard can have its iChat application 
automatically set up to use your server's iChat service. See “Setting Up Leopard Users’ 
Macs Automatically” on page 79. 


iChat service also works with Jabber-compatible instant messaging software available 
for Windows, Linux, and even popular PDAs. 


Making All Users Buddies 

You can have the Jabber IDs (screen names) of all users with accounts on the server 
automatically added to each user's Jabber buddy list. Users see their Jabber buddy lists 
in iChat (or other XMPP instant messaging application), and may add and remove 
buddies. 


To make all users Jabber buddies: 

In the iChat pane of Server Preferences, select “Automatically make all users buddies.” 
Restart iChat service by clicking On/Off twice. 

Changes to iChat service settings take effect once iChat service is restarted. 

If you deselect “Automatically make all users buddies,” users are not automatically 


removed from each other's buddy lists. Users can remove buddies that were 
automatically added to their buddy lists. 
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Chatting with Users of Google Talk and Other XMPP Services 
You can allow users of the server to exchange instant messages with users of Google 
Talk and other instant messaging systems that use the XMPP protocol. 


To allow chatting via Google Talk and other XMPP services: 
In the iChat pane of Server Preferences, select “Enable server-to-server 
communication.” 


Restart iChat service by clicking On/Off twice. 


Changes to iChat service settings take effect once iChat service is restarted. 


Saving and Archiving Instant Messages 

You can have iChat service save a transcript of all instant messages in a text file. The 
service compresses the transcript and saves an archive once a week. The latest 
transcript and the compressed archives are in /var/jabberd/message_archives/. 


To save and archive instant messages: 
In the iChat pane of Server Preferences, select “Log and archive all chats.” 
Restart iChat service by clicking On/Off twice. 


Changes to iChat service settings take effect once iChat service is restarted. 
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Managing Mail Service 

Use the Mail pane to turn mail service on or off, edit the welcome message sent to new 
users, specify a relay server for outgoing mail, or adjust junk mail and virus filtering. For 
information about the settings and controls in this pane, click the Help button in the 
lower-right corner of the Server Preferences window. 
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Minimum score for junk mail: 6 points 
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About Mail Service 

Mail service lets users send and receive email on your local network and the Internet, 
using any email application. Mail service can provide mailing lists for groups, and it 
includes filters that protect users from junk mail and viruses. 


Everyone with a user account gets an email address. A computer with Mac OS X 
version 10.5 Leopard can have its Mail application automatically set up to use your 
server's mail service. See “Setting Up Leopard Users’ Macs Automatically” on page 79. 
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Mail service also works with other popular mail applications that use standard email 
protocols. Users can get mail using the IMAP or POP protocol and send it using the 
SMTP protocol. 


Specifying a Mail Relay Server 
Your mail service can relay outgoing mail through another server, and that relay server 
will forward the mail to its destination. 


* If you use a commercial Internet service provider (ISP), it may stipulate that all 
outgoing email be relayed through a designated server. 

* If your organization provides your Internet service, your server may need to use a 
relay server to deliver outgoing mail through a firewall. In this case, your organization 
will designate a particular server for relaying mail through the firewall. 


Important: Use a relay server only if your ISP or organization requires one. Relaying 
mail through another server without permission may make your server appear to be a 
mail service abuser. 


To relay outgoing mail through another server: 
In the Mail pane of Server Preferences, select “Relay outgoing mail through ISP.” 
If this option is already selected, click the Edit button next to it. 


A dialog appears for entering the relay server connection details. 


2 Enter the relay server's DNS name or IP address supplied by your ISP or organization. 


3 If your ISP or organization also requires your server to authenticate before sending 
mail, select “Enable SMTP relay authentication” and enter the user name and password 
from your ISP or organization. 
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About Junk Mail and Virus Filtering 

Mail service can screen incoming mail before delivering it to check for viruses and junk 
mail. Mac OS X Server uses SpamAssassin (spamassassin.apache.org) to analyze the text 
of a message, and scores the probability of it being junk mail. 


No junk mail filter is 100% accurate in identifying unwanted email. So Mac OS X Server 
doesn't delete junk mail. Instead it delivers the mail with “***JUNK MAIL***” added to 
the subject. The recipient can decide if it’s really junk mail and deal with it accordingly. 


Each message is analyzed and the word frequency statistics are saved. Mail messages 
that have more of the same words as junk mail receive a higher score of probably 
being junk mail. 


Mac OS X Server uses ClamAV (www.clamav.net) to scan mail messages for viruses. 
Email infected with a suspected virus is deleted, and a notice is sent to the notification 
email address designated in the Information pane of Server Preferences. The server 
automatically updates virus definitions once a day via the Internet. 


Scanning for Incoming Junk Mail and Viruses 

You can have mail service scan incoming messages for junk mail and viruses. Messages 
containing known viruses are deleted. Messages suspected of being junk mail are 
marked ***JUNK MAIL*** and delivered. 


To have mail service scan for junk mail and viruses: 
In the Mail pane of Server Preferences, select “Enable junk mail and virus filtering.” 


Adjust the slider to set how tolerant the filter is of indications that an incoming 
message is junk mail. 


Aggressive: The junk mail filter tolerates few signs of being junk mail. 
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Moderate: The junk mail filter tolerates some signs of being junk mail. 


Cautious: The junk mail filter marks an incoming message as junk mail only if it 
contains many signs of being junk mail. 


Managing Web Services 

Use the Web pane to turn web services on or off, change your website’s homepage 
location, enable group wiki websites, or enable other web services. For information 
about the settings and controls in this pane, click the Help button in the lower-right 
corner of the Server Preferences window. 


Home Page: f Workgroup Wiki 


Sper home page @ 


Group Wikis: w@ Enable group wikis © 


Create a new group with a wiki website © 


Web Service Web Services: M4 Webmail © 
M User blogs © 
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About Web Services 

Web services can host a conventional website or provide group websites with wikis, 
blogs, optional calendars, and optional mailing list archives. Other web services provide 
web access to email. 


All members of a group can easily view, search, and edit wiki content right from their 
web browsers. By using included templates or creating their own, they can add, delete, 
edit, and format content naturally—without knowing markup codes or special syntax. 
With a few clicks, or by dragging and dropping, they can attach files and images, 
publish to podcasts, assign keywords, and link to other wiki pages or other websites. 
They can also review the wiki's complete history of changes and revert any page to a 
previous version. They can also view and contribute to shared calendars, blogs, and 
mailing lists. 


Blogs give nontechnical users a way to keep their colleagues up-to-date with projects, 
the files they're working on, and pictures or podcasts. Users publish their own blogs, 
with drag-and-drop ease, using a selection of built-in professional templates. 


With webmail, users can receive and send mail from a web browser anywhere on the 
Internet. They can access all their email as if they were using Mac OS X Mail or another 
mail application on their computers. 
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Finding the Server’s Website Address 
The address of your server's website is: 


http://serverDNSname 


Replace the italicized placeholder with your server's DNS name, which is shown in the 
Information pane of Server Preferences. 


If your server website is a group wiki, visitors must log in using the name and password 
of a group member. 


Hosting a Conventional Website 

Instead of using a group wiki website set up for you by Mac OS X Server, you can have 
your server host a conventional website consisting of static HTML files. You create the 
website using web development software of your choice, or have someone do it for 
you, and copy the website files to your server. 


To host a conventional website: 
1 Make sure your website's main page is named index.html or index.php. 


2 Open the server's website folder at /Library/WebServer/Documents/, and optionally 
delete the placeholder files. 


3 Copy your website files to the website folder. 


4 In the Web pane of Server Preferences, choose Server Home Page from the Home Page 
pop-up menu. 


5 If web services are not on, click the On/Off switch in the Web pane. 
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Setting Up Group Wiki Service 

You can use the Web pane of Server Preferences to make all group wiki websites 
available or unavailable on the network. When group wiki websites are available, each 
group’s members can access the group wiki, blog, optional calendar, and optional 
mailing list archive. You turn on and set options for each group's wiki individually in the 
Groups pane. 


To enable wiki service for all groups: 
1 In the Web pane of Server Preferences, select “Enable group wikis” and make sure web 
service is on. 


If web service isn’t on, click the On/Off switch. 


2 If you want to visit the wiki page with links to all group wikis, click the link arrow next 
to “Enable group wikis.” 

3 If you want to set up a wiki for a new group or an existing group, click “Create a new 
group with a wiki website.” 
Clicking this link takes you to the Groups pane, where you can create a new group or 
select an existing group and then set up the group's wiki. For information about 
creating groups and setting up group wikis, see “Creating a New Group” on page 94 
and “Setting Up a Group Wiki Website” on page 103. 
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Setting Up Webmail Service 
You can use Server Preferences to turn webmail service on or off. This service lets all 
server users access their mail using a web browser over the Internet. 


To turn webmail service on or off: 
In the Web pane of Server Preferences, select or deselect “Webmail.” 


If this option is selected, clicking the link arrow next to it opens the webmail website. 


Users access your server's webmail by appending /webmail to your server's website 
address. For example: 


http://server.example.com/webmail 
Setting Up User Blogs 


You can use Server Preferences to turn the web service for user blogs on or off. This 
service lets all server users create their own blogs using a web browser. 


To turn user blogs on or off: 
In the Web pane of Server Preferences, select or deselect “User blogs.” 


If this option is selected, clicking the link arrow next to it opens the user blogs website. 


Users access their blogs by appending /users/shortname to your server's website 
address. For example: 


http://server.example.com/users/rpatel 
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Managing VPN Service 

Use the VPN pane to turn VPN remote access service on or off, inspect or change the 
VPN secret, set the IP address range for VPN users, or save a VPN configuration file for 
Mac OS X users. For information about the settings and controls in this pane, click the 
Help button in the lower-right corner of the Server Preferences window. 


‘ 
¥ 


Shared Secret' ee és weseeeereee ‘i aeoe (Edit. e 
IP Address Range: 10.90.77 201 
to: 10.0.77.254 


Client VPN configuration file: (Save As) 


This file contains the information needed for Mac OS K 
computers to use your VPN service. 
‘o) 


About VPN Service 

VPN (virtual private network) service lets users connect to your network from home or 
other remote locations over the Internet. Users make a secure VPN connection to 
access workgroup services such as file sharing, mail, iChat, iCal, and web. VPN service 
uses the L2TP protocol with a shared secret to ensure confidentiality, authentication, 
and communications integrity. 
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A secure shared secret is generated automatically when you set up your server. The 
shared secret isn't used to authenticate client computer users for a VPN connection. 
Instead it allows the server to trust client computers that have the shared secret, and it 
allows client computers to trust the server that has the secret. 


Both server and client computers must have the shared secret. A computer with 

Mac OS X version 10.5 Leopard can automatically get the shared secret and be set up 
to make connections to the server's VPN service. See “Setting Up Leopard Users’ Macs 
Automatically” on page 79. 


Other Mac and Windows computers can be configured in different ways to connect to 
the VPN service. See “Setting Up a Mac User's VPN Connection” on page 87 and 
“Setting Up a User’s VPN Connection Manually” on page 89. 


Changing the VPN Shared Secret 

You can use Server Preferences to change the shared secret that the server and a client 
computer use for authentication when making a VPN connection. Periodically 
changing the shared secret improves VPN security, but is inconvenient because users 
must also change the shared secret on computers they use for VPN connections. 


To change the VPN shared secret: 
In the VPN pane of Server Preferences, click Edit. 


Select “Show shared secret” so you can read the secret, enter a new secret, and 
click OK. 


The shared secret should be at least 8, but preferably 12 or more characters including 
letters, digits, and symbols, but without spaces. Initially the shared secret is 32 random 
characters. 
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You can use the Password Assistant to help you compose a new shared secret. 
Temporarily switch to the Users pane, click Account, click Reset Password, click the 

Key button to the right of the New Password field, and then click Cancel and go back 
to the VPN pane. The Password Assistant remains open, and you can use it to generate 
a new shared secret that you copy from the Suggestion field and paste into the Shared 
Secret field. 


After you change the secret here, all VPN users must make the same change in their 
VPN configurations. For information about making this change, see “Setting Up a User's 
VPN Connection Manually” on page 89. 


Creating a VPN Configuration File 

You can use Server Preferences to generate a file that Mac users can open to create a 
VPN configuration automatically. After creating the VPN configuration, a user can make 
a VPN connection to the server and its network via the Internet. The configuration file 
works with Mac OS X v10.3 or later. 


To generate a VPN configuration file: 
In the VPN pane of Server Preferences, click Save As, select a location for the VPN 
configuration file, and click Save. 


Distribute the saved configuration file to users who need to set up a VPN configuration 
on their Macs. 
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To set up a Mac, a user simply opens the VPN configuration file you generated. 
Opening this file opens either the Network pane of System Preferences or Internet 
Connect (depending on the Mac OS X version), and then imports a VPN configuration 
with all information necessary to make a VPN connection except the name and 
password of a user account on the server. If Internet Connect asks the user where to 
put the imported configuration, the user should select VPN (L2TP). The user should not 
select VPN (PPTP) or any other option. 


When Network preferences or Internet Connect finishes importing the VPN 
configuration, the user needs to enter an account name and can also enter a password, 
and then save them as part of the VPN configuration upon quitting the application. If 
the user saves both name and password as part of the VPN configuration, anyone 
using that computer will then be able to log in automatically for a VPN connection to 
your server. 


For security, you can instruct users to enter their account name but leave the password 
blank, and then quit the application (System Preferences or Internet Connect). If users 
don't save a password as part of the VPN configuration on their computers, they will be 
asked to log in each time they make a VPN connection to your server. 


For information you can give users instructing them how to use the VPN configuration 
file, see “Setting Up a Mac User's VPN Connection” on page 87. 


Changing the IP Address Range for VPN 

You can use Server Preferences to change the range of addresses you want the server 
to reserve for assigning to remote computers when they make VPN connections to the 
server. For example, you might make the range larger to make more IP addresses 
available for VPN connections. 
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Important: These are addresses on the server's network, and they must not be used by 
other computers or devices on the network. This range of addresses must not include 
any static IP addresses in use on the network or overlap the range of IP addresses that 
the DHCP server assigns. 


To change the IP address range for VPN service: 
In the VPN pane of Server Preferences, change the first IP address in the range, the last 
IP address in the range, or both. 


The range of addresses needs to be large enough for the maximum number of remote 
computers that will have concurrent VPN connections. VPN service assigns an IP 
address for the duration of a VPN connection, and reclaims the address assigned to a 
remote computer that disconnects. 


If you have an AirPort Base Station or other Internet router (gateway) that provides 
DHCP service, you may need to adjust its IP address range so that the DHCP and VPN 
address ranges don't overlap. 


For information about changing the settings of an Internet router, see its 
documentation. 


When a remote computer makes a VPN connection, the server assigns the remote 
computer an unused IP address from the range of reserved addresses. This IP address 
doesn't replace the IP address that the remote computer is already using to connect to 
the Internet. The remote computer keeps this IP address and any other |P addresses it’s 
using, and adds the IP address assigned to it for VPN. 
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Providing VPN Service Through an Internet Router 

If your server provides VPN service through an AirPort Base Station or other Internet 
router, and users’ computers need to make VPN connections through their own base 
Stations or Internet routers, your server must be on a different IP subnet than the VPN 
users’ computers. In other words, your server's IP address can’t begin with the same 
three numbers as VPN users’ IP addresses, such as 10.0.1 or 192.168.1. 


You can avoid this conflict by changing the third number of the IP address of all the 
devices on your server's local network— AirPort Base Station or other Internet router, 
server, and other computers. Use a number between 2 and 254. For example, if your 
server and other devices on its network have IP addresses that begin with “10.0.1,” 
change them to begin with “10.0.2” or “10.0.100.” If their IP addresses begin with 
“192.168.1," you might change them to begin with “192.168.5” or “192.168.70.” You can 
also use 172.16.0 through 172.31.255. In all cases, use subnet mask 255.255.255.0. 


lf your AirPort Base Station, other Internet router, or DHCP server assigns IP addresses 
to computers on your network, change it to assign IP addresses that begin with the 
Same three numbers as the server's IP address. If possible, make these changes before 
setting up your server. You make these changes on an AirPort Base Station using 
AirPort Utility (located in /Applications/Utilities/). For instructions, open AirPort Utility 
and then use the Help menu. For information about configuring another kind of 
Internet router or gateway, see its documentation. 


For information about changing your server's IP address, see “Changing Your Server's IP 
Address” on page 134. 
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After changing the IP address of your AirPort Base Station or other Internet router, 
change your server and other computers on its network to use the new address as 
their router address. You make this change in the Network pane of System Preferences 
on your server and other Macs. For information about changing the IP addresses of 
other devices, see their documentation. 


Customizing Services Using Advanced Applications 

Although a standard or workgroup configuration of Leopard Server is best 
administered using Server Preferences and the Server Status widget, you can also use 
Server Admin, Workgroup Manager, and the other advanced applications and tools 
listed in “Advanced Tools and Applications” on page 29. You can use the advanced 
applications and tools to customize services by changing advanced options. You can 
also turn on services that aren't part of a standard or workgroup configuration, such as 
QuickTime Streaming Server. For information about advanced services, options, and 
applications, see Server Administration and the other advanced administration guides 
described in “Mac OS X Server Administration Guides” on page 144. 


Important: Before using Server Admin, Workgroup Manager, or other advanced tools 
and applications to make changes to a standard or workgroup configuration, carefully 
note current settings in case you need to revert to them. For example, you can make a 
screen shot of each pane and dialog before changing settings in it. (For information 
about screen shots, switch to the Finder and then use the Help menu.) 
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Managing Server Information 


Use Server Preferences to get general information, 
check service logs, see graphs of server activity, and 
change firewall settings. 


Managing Server Information 


Use the Information pane of Server Preferences to get information about your server, 
including the hardware and software installed, network names and address, and serial 
number. You can also change the server's computer name and serial number. For 
information about the settings and controls in this pane, click the Help button in the 
lower-right corner of the Server Preferences window. 


iP Address: 10.0,77.2 


DNS Name: myserver.example.com 


Computer Name: My Server 


Server Type: Standard configuration 


. : "i nao 
Information Server License: Unlimited-client license Edit. | 
Mac OS X Server 10.5 Notifications: serveradmin@imyserver.... (Edit. ) 
(Build 9A999) 
1.83 CHz Intel Core Duo 
512 MB RAM ‘ey 
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Changing the Serial Number or Site License Details 
You can use Server Preferences to change the Mac OS X Server software serial number 
or site license information. 


To change the software serial number or site license: 
In the Information pane of Server Preferences, click the Edit button next to the Server 
License information. 


Enter a different serial number or edit the site license details as needed, and then click 
Save. 


Changing the Notification Settings 

You can use Server Preferences to change the email address to which the server sends 
messages about low disk space, software updates, and deleted email that was infected 
with a virus. You can also turn each type of notifications on or off. 


To change the notification email address: 
In the Information pane of Server Preferences, click the Edit button on the Notifications 
line. 


Enter the desired email address in the Notifications Email field. 
If you don't want any notifications sent, leave the Notifications Email field blank. 
Select the types of notifications you want the server to send, and then click Save. 


Low disk space: Sends an email when a disk or partition has less than 5 percent free 
space available. 
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Software updates available: Sends an email when new software updates become 
available for the server. 


Virus detected in incoming email: Sends an email when the email virus filter detects a 
virus. 


Changing Your Server’s Name 

You can use Server Preferences to change the server's computer name. It identifies the 
server to client computers that are browsing for network file servers, print queues, or 
other network resources identified by computer name, rather than by DNS name. 


To change the server's computer name: 
In the Information pane of Server Preferences, edit the Computer Name field. 


Specify a name that's 63 Roman characters or fewer including spaces, and avoid using 
=,:, or @. Mac OS X automatically converts the computer name to a form that’s valid 
with SMB file sharing. 


To change the server's local hostname, use the Sharing pane of System Preferences on 
the server. Other computers on the server's local network (IP subnet) can use the 
server's local hostname to contact the server. If you change your server's local 
hostname, users of other computers may have to change their bookmarks or other 
settings to use the server's new local hostname. For information about using System 
Preferences, open it and use the Help menu. 
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The server's DNS name can only be changed by the administrator of your DNS service. 
You should avoid having the server's DNS name changed, because changing it will 
require users of its services to reconfigure their computers: 

« Users with Mac OS X v10.5 Leopard will have to use Directory Utility to disconnect 


their computers from the server, and then use Directory Utility to connect to the 
server again. 


Users who have an earlier Mac OS X version, or who are running Windows, will have 
to deal with changes to shared calendar subscriptions, iChat addresses, email 
addresses, the server's website address, group wiki addresses, and the server’s VPN 
address. 


Changing Your Server's IP Address 

The server's IP address is one of the network connection settings in the Network pane 
of System Preferences. For information about changing Network preferences, open 
System Preferences on the server and use the Help menu. 


Important: |f your DNS service is provided by your ISP or another server on your 
network, have your server's DNS record changed to use the new IP address. 
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Changing your server's IP address may disrupt the connections of users’ computers 
that have Mac OS X v10.5 Leopard. If this happens, users need to use Directory Utility to 
disconnect their computers from the server, and then use Directory Utility to connect 
to the server again. 


Connecting to a Directory Server 

If your organization has a directory server but you didn’t connect your server to it 
during setup, you can connect your server to it now. Then you can import user 
accounts from it for people in your workgroup. You can also give other user accounts in 
the directory server access to the services of your workgroup by making them external 
group members. For information, see “Importing Groups of Users Automatically” on 
page 63 and “Adding or Removing External Members of a Group” on page 99. 


You use the Directory Utility application (located in /Applications/Utilities/) to connect 
to a directory server. For information about connecting to a directory server, open 
Directory Utility and then use the Help menu. 


Your server is considered a workgroup configuration if it’s connected to a directory 
server. 


Chapter 9 Managing Server Information 


135 


136 


Changing Firewall Settings 

Use the Firewall pane of Server Preferences to set up a firewall that protects your server 
from users on other networks or the Internet. The firewall controls incoming 
connections that originate outside your server's local network (IP subnet). The firewall 
can allow individual services to accept incoming connections from computers outside 
your server's local network, or restrict selected services to accept incoming connections 
only from computers on your server's local network. You can start the firewall and 
select the services that restrict incoming connections. You can also stop the firewall to 
allow incoming connections to all services from outside your server's local network. 


Restrict selected services to accept incoming 


F () connections only from the server's local network 
i ry Mw WG Apple Remote Desktop 


fF iCal Service 
w  # iChat Service 
() & Mail Service 
M MB Remote Login - SSH 
“) BD Web Service 


OFF 
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To change firewall settings: 
In the Firewall pane of Server Preferences, click the On/Off switch to turn the firewall 
on or Off. 


Turn the firewall on if you want to control incoming connections for each listed service 
Separately. 


Turn off the firewall to allow all services to accept incoming connections from outside 
your server's local network. 


In the list of services, select a service’s checkbox if you want the service to accept 
incoming connections only from the server's local network. 


Deselect a service’s checkbox if you want the service to accept incoming connections 
from all networks including the Internet. 


Settings in the list of services take effect only if the firewall is on. 


About the Firewall 

Mac OS X Server includes firewall software you can use to block unwanted network 
communication with your server. This firewall is called an application firewall because it 
accepts or denies an incoming connection based on the particular application, service, 
or other software module that is trying to accept the connection. This firewall doesn't 
control outgoing network traffic. Settings in the Firewall pane of Server Preferences 
control the same firewall as settings in the Firewall pane of the Security pane in System 
Preferences, 
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Mac OS X Server has another firewall that works differently. Called an /P firewall, it 
accepts or denies incoming and outgoing traffic based on attributes of the traffic, such 
as its destination port or originating IP address, The IP firewall can be used at the same 
time as the application firewall. For information about the IP firewall, see Network 
Services Administration (described in “Mac OS X Server Administration Guides” on 

page 144). 


Checking Server Logs 

Use the Logs pane of Server Preferences to view the message logs kept by the 

Mac OS X Server software components as they provide services. These logs include the 
messages you see in alert dialogs, plus messages you won't see anywhere else about 
routine actions, warnings, and errors. If you've received an error message in a dialog, a 
log may show additional detail about the issue. 
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Log messages are rather technical and not very meaningful to the average user, but 
they can help support technicians solve problems. 


Eo tance to ii var » Gi log © 
“JOT 16 1435145 wyServer Jawbera/vezs [154 
Jul 16 14:35:45 myserver jabberd/c2s [154]: 


Quthztdemchen@myserver .examp le.com 


i log 


[192.168 1.188, porte493bZ] aiscorinect 


se [192.168.1.188, port=49363] connect 


[7] (192.168.1.188, port=49367] connect 


Jul 16 14:35:45 myserver jabberd/c2s(154]: [7] [192.168.1.188, port=49363] disconnect 
Jul 16 14:36:41 myserver jabberd/c2s [154]: 
Jul 16 14:36:42 myserver jabberd/c2s [154]: 


[7] SASL authentication succeeded: mechanism=GSSAPI ; 


Jul 16 14:36:42 myserver jabberd/c2s [154]: [7] bound: jid=amchen@myserver .example.com/Mei’s iMac 


Jul 16 14:36:42 myserver jabberd/c2s [154]: 


Jidemchen@myserver .example.com/Mei*’s iMac 


Jul 16 14:36:43 myserver jabberd/sm[152]: session started: Jid=mchen@myserver .example.com/Met 's 


iMac 


Jul 16 14:37:47 myserver jabberd/c2s [154]: 


[7] requesting session: 


[9] [192.168.1.12, port=49599] connect 


Jul 16 14:37:48 myserver jabberd/c2s[154]: [9] [192.168.1.12, port=49589] disconnect 


Jul 16 14:37:58 myserver jabberd/c2s [154]: 
Jul 16 14:37:51 myserver jabberd/c2s [154]: 


“ajohnson" access for service “chat” 


Jul 16 14:37:51 myserver jabberd/c2s [154]: 


wor_check_service_membership returned 8 


Jul 16 14:37:51 myserver jabberd/c2s [154]: 


‘quthorized to access service “chat” 


Jul 16 14:37:51 myserver jabberd/c2s[154]: [9] auth succeeded: usernomesajohnson, resourcesMy 


Group Server 


Jul 16 14:37:51 myserver jobberd/c2s [154]: 


ple.com/My Group Server 


dul 16 14:37:51 myserver jabberd/sm[152]: session started: jidsajohnson@myserver .example.com/My 


Group Server 


[9] [192.168.1.12, port=49511] connect 


od_auth_check_service_membership: checking user 


od_auth_check_service_membership: 


od_auth_check_service_membership: user "“ajohnson" is | 


[9] requesting session: jideajohnson@myserver .exam- 
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Here are ways you can use the Logs pane: 

Choose a log from the View pop-up menu. 

The log’s filename and its location on the server are shown above the contents of the 
log. 

Show only log entries that contain a word or phrase by typing it in the Filter field at the 
top of the window. 


Show all entries for the selected log by deleting the contents of the Filter field or 
clicking the X button in the field. 


You can also view the Mac OS X Server logs and other logs using Console (located in 
/Applications/Utilities/) on the server. For example, you can use Console to view the 
console.log file, which contains important messages from applications that are open 
on the server. For information about using Console, open it and then use the Help 
menu. 
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Monitoring Server Graphs 
Use the Graphs pane of Server Preferences to get a picture of server activity over time. 


You can find out when the server is usually busy, whether it’s operating near capacity, 
and when it’s likely to be least used. 


88 Outbound Traffic © Inbound Traffic 
10 MB/s 


Network Traffic 4 in the past | 1 hour 'G) 
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Here are ways you can use the Graphs pane: 
Choose a type of activity and a time period from the pop-up menus. 


Processor Usage: Monitor the workload of the server's processor or processors (also 
called the central processing unit, or CPU). 


Network Traffic: Track how much incoming and outgoing data the server transfers over 
the network. 


Disk Space: See how much space is used and available on each mounted disk or 
volume (partition). 


File Sharing Traffic: Track how much incoming and outgoing data the file sharing 
services transfer over the network. 


Web Traffic: Track how much incoming and outgoing data the web services transfer 
over the network. 


You can also monitor server activity using the Server Status widget on the server or on 
another computer on the network. For information, see “Using the Server Status 
Widget” on page 49. 


If the server has a display, you can use Activity Monitor (located in /Applications/ 
Utilities/) on the server. Activity Monitor shows the processes and applications that are 
currently open on the computer. You can also use Activity Monitor to monitor short- 
term processor workload, disk activity, and network activity. For information about 
using Activity Monitor, open it and then use the Help menu. 
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Learning More 1 O 


More information about using Mac OS X Server is available 
from onscreen help, a suite of advanced guides, and the web. 


Using Onscreen Help 

You can get task instructions in the onscreen help system while you're managing 
Leopard Server. You can view help on a server or an administrator computer. (An 
administrator computer is a Mac OS X computer with Leopard Server administration 
software installed on it. For information, see “Preparing an Administrator Computer” on 
page 36.) 


To get help for a standard or workgroup configuration of Leopard Server: 

Open Server Preferences and then: 

* Choose Help > Server Preferences to browse and search the help topics. 

* Click a help button in Server Preferences. 

¢ Use the Help menu to search for a task you want to perform. 

The onscreen help for Server Preferences contains all the instructions from this book 
for managing a standard or workgroup configuration of Leopard Server. Server 


Preferences Help contains additional topics that focus more narrowly than the book on 
specialized tasks. 
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To get help for an advanced configuration of Leopard Server: 
Open Server Admin or Workgroup Manager and then: 


* Choose Help > Server Admin Help or Help > Workgroup Manager Help to browse 
and search the help topics. 


« Use the Help menu to search for a task you want to perform. 


The help contains instructions taken from Server Administration and other advanced 
administration guides described in “Mac OS X Server Administration Guides,” next. 


To see the most current server help topics: 

Make sure the server or administrator computer is connected to the Internet while 
you're getting help. 

Help Viewer automatically retrieves and caches the most current server help topics 
from the Internet. When not connected to the Internet, Help Viewer displays cached 
help topics. 


Mac OS X Server Administration Guides 

Getting Started covers installation and setup for standard and workgroup 
configurations of Mac OS X Server. For advanced configurations, Server Administration 
covers planning, installation, setup, and general server administration. A suite of 
additional guides, listed below, covers advanced planning, setup, and management of 
individual services. You can get these guides in PDF format from the Mac OS X Server 
documentation website: 


www.apple.com/server/documentation 
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This guide... 


Getting Started and 
Installation & Setup Worksheet 


Command-Line Administration 


File Services Administration 


iCal Service Administration 


iChat Service Administration 


Mac OS X Security Configuration 


Mac OS X Server Security Configuration 


Mail Service Administration 


Network Services Administration 


Open Directory Administration 


tells you how to: 


Install Mac OS X Server and set up a standard 
or workgroup configuration. 


Install, set up, and manage Mac OS X Server 
using UNIX command-line tools and 
configuration files. 


Share selected server volumes or folders 
among server clients using the AFP, NFS, FTP, 
and SMB protocols. 


Set up and manage iCal shared calendar 
service. 


Set up and manage iChat instant messaging 
service. 


Make Mac OS X computers (clients) more 
secure, as required by enterprise and 
government customers. 


Make Mac OS X Server and the computer it’s 
installed on more secure, as required by 
enterprise and government customers. 


Set up and manage IMAP, POP, and SMTP mail 
services on the server. 


Set up, configure, and administer DHCP, DNS, 
VPN, NTP. IP firewall, NAT, and RADIUS services 
on the server. 


Set up and manage directory and 
authentication services, and configure clients to 
access directory services. 
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This guide... tells you how to: 

Podcast Producer Administration Set up and manage Podcast Producer service to 
record, process, and distribute podcasts. 

Print Service Administration Host shared printers and manage their 
associated queues and print jobs. 

QuickTime Streaming and Broadcasting Capture and encode QuickTime content. Set up 

Administration and manage QuickTime streaming service to 


deliver media streams live or on demand. 


Server Administration Perform advanced installation and setup of 
server software, and manage options that apply 
to multiple services or to the server as a whole. 


System Imaging and Software Update Use NetBoot, Netinstall, and Software Update 

Administration to automate the management of operating 
system and other software used by client 
computers. 

Upgrading and Migrating Use data and service settings from an earlier 


version of Mac OS X Server or Windows NT. 


User Management Create and manage user accounts, groups, and 
computers. Set up managed preferences for 
Mac OS X clients. 


Web Technologies Administration Set up and manage web technologies, 
including web, blog, webmail, wiki, MySQL, 
PHP, Ruby on Rails, and WebDAV. 


Xgrid Administration and High Performance Set up and manage computational clusters of 

Computing Xserve systems and Mac computers. 

Mac OS X Server Glossary Learn about terms used for server and storage 
products. 
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Viewing PDF Guides Onscreen 
While reading the PDF version of a guide onscreen: 


« Show bookmarks to see the guide's outline, and click a bookmark to jump to the 
corresponding section. 

¢ Search for a word or phrase to see a list of places where it appears in the document. 
Click a listed place to see the page where it occurs. 

* Click a cross-reference to jump to the referenced section. Click a web link to visit the 
website in your browser. 


Printing PDF Guides 

If you want to print a guide, you can take these steps to save paper and ink, and 

improve readability: 

* Save ink or toner by not printing the cover page. 

* Save color ink on a color printer by looking in the panes of the Print dialog for an 
option to print in grays or black and white. 

* Reduce the bulk of the printed document and save paper by printing more than one 
page per sheet of paper. In the Print dialog, choose Layout from the untitled pop-up 
menu. If your printer supports two-sided (duplex) printing, select one of the Two- 
Sided options. Otherwise, choose 2 from the Pages per Sheet pop-up menu, and 
change Scale to 115% (155% for Getting Started). 

* If you're printing Getting Started from PDF, you may want to enlarge the CD-size 
pages even if you don't print two pages per sheet. Try changing Scale to 155%. 


If you're using Mac OS X v10.4 or earlier, the Scale setting is in the Page Setup dialog. 
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Getting Documentation Updates 
Periodically, Apple posts revised help pages and new editions of guides. Some revised 
help pages update the latest editions of the guides. 


* To view new onscreen help topics for a server application, make sure your server or 
administrator computer is connected to the Internet and click “Latest help topics” or 
“Staying current” in the main help page for the application. 

* To download the latest guides in PDF format, go to the Mac OS X Server 
documentation website: 


www.apple.com/server/documentation 


Getting Additional Information 


For more information, consult these resources 


Read Me documents (on the Mac OS X Server Install Disc and the Administration Tools disc) 
Important updates and special information 


Mac OS X Server website (www.apple.com/server/macosx) 
Extensive product and technology information 


Mac OS X Server Support website (www.apple.com/support/macosxserver) 
Access to hundreds of articles from Apple’s support organization 


Apple Discussions website (discussions.apple.com) 
A way to share questions, knowledge, and advice with other administrators 


Apple Mailing Lists website (www. lists.apple.com) 
Subscribe to mailing lists so you can communicate with other administrators using email 
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Preparing Disks for Installing 
Mac OS X Server 


Use the Installer, Server Assistant, or Disk Utility if you 
need to erase a disk, partition it into multiple volumes, 
or set up a RAID set. 


Use this To do this When 


Installer Erase the target disk using a During local install 
common format 


Server Assistant Erase the target disk using the During remote install 
most common format, 
Mac OS X Extended 
(Journaled) 


Disk Utility Erase the target disk using less | During local install 
common formats, partition the Before remote install 
whole disk into multiple 
volumes, or set up a RAID set 
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For information about using Installer, Server Assistant, and Disk Utility during 
installation, see Chapter 2, “Installing Mac OS X Server.” For information about 
controlling Disk Utility remotely from another computer with Apple Remote Desktop 
(which you can purchase separately) before installing remotely, see Server 
Administration (described in “Mac OS X Server Administration Guides” on page 144). 


WARNING: Before partitioning a disk, creating a RAID set, or erasing a disk or 


partition on a server, preserve any user data you want to save by copying it to 
another disk. 


Erasing with the Installer 

You can erase the target disk while using the Mac OS X Server Installer. When you 

select the target disk in the Installer, you can also select an option to have the target 

disk erased during installation. You have a choice of two disk formats: 

* Mac OS Extended (Journaled) is recommended and is the most common format for a 
Mac OS X Server startup volume. 

* Mac OS Extended (Case-sensitive, Journaled) is worth considering if you are planning to 
have your server host a conventional website with static web content instead of 
group wiki websites. A case-sensitive volume can host static web content with a 
more direct mapping between files and URLs. 
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Important: Third-party software may not function properly when installed on a case- 
sensitive volume due to an unforeseen capitalization mismatch. For example, an 
application may have a folder named Plugins, but some parts of the application may 
refer to it as Plugins. This would work on a volume with the Mac OS Extended 
(Journaled) format, but wouldn't work on a volume with the Mac OS Extended (Case- 
sensitive, Journaled) format. 


Erasing with Server Assistant 

If you're using Server Assistant to install Mac OS X Server remotely, and the target disk 
already has Mac OS X Server or Mac OS X installed, Server Assistant can erase the disk 
using the Mac OS Extended (Journaled) format only. 


Erasing with Disk Utility 

For additional format choices, use the Installer’s Utilities menu to open the Disk Utility 
application, and then use Disk Utility to erase the target disk. You can choose the 
formats described on the previous page or choose the non-journaled variants of 
them: Mac OS Extended and Mac OS Extended (Case-sensitive). Do not use the ZFS 
format for a Mac OS X Server startup disk. 


Earlier versions of Mac OS X and Mac OS X Server can also erase disks using the 
UNIX File System (UFS) format. You should not use UFS format for a Mac OS X Server 
startup disk. 
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Partitioning a Hard Disk 

Partitioning the hard disk creates a volume for server system software and one or more 
additional volumes for data and other software. The minimum recommended size for 
an installation partition is 20 GB. A larger volume is recommended for a standard or 
workgroup configuration, because these configurations keep shared folders and group 
websites on the startup volume together with the server software. Use Disk Utility to 
partition a hard disk. 


Creating a RAID Set 

If you're installing Leopard Server on a computer with multiple internal hard disk 
drives, you can create a RAID (Redundant Array of Independent Disks) set to optimize 
storage Capacity, improve performance, and increase reliability in case of a disk failure. 
For example, a mirrored RAID set increases reliability by writing your data to two or 
more disks at once. If one disk fails, your server automatically starts using one of the 
other disks in the RAID set. 


You use Disk Utility to set up a RAID set. You can set up RAID mirroring after installing 
Mac OS X Server if you install on a disk that isn't partitioned. To prevent data loss, you 
should set up RAID mirroring as soon as possible. For information about setting up a 

RAID set, open Disk Utility and then use the Help menu. 
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Configuring an Internet Router 


Configure an AirPort Base Station or an Internet router 
to make your server's services available on the Internet. 


If you have an Internet router or gateway device that shares an Internet connection 
among computers on your local network, it isolates your local network from the 
Internet. Computers on the Internet can’t access services provided by your server 
unless your router is configured to forward requests for each service to your server. This 
process is called port forwarding or port mapping, because each service communicates 
through an abstract, numbered communication port. These ports are not physical like 
the Ethernet port on your computer. 


Configuring Port Mapping on an AirPort Extreme Base Station 
A standard or workgroup configuration of Mac OS X Server version 10.5 Leopard can 
configure port mapping automatically on an AirPort Extreme Base Station (802.11n). 
The server configures the AirPort Extreme to make the iChat, mail, web, and VPN 
services available on the Internet. The server configures the AirPort Extreme separately 
for each service when the service starts and stops. 
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The server can configure port mapping automatically on an AirPort Base Station that 
has the default password (public). lf the base station has a different password, you can 
enter it while setting up the server locally, and the server will be able to configure port 
mapping on the base station. If you set up your server remotely, it will be able to 
configure port mapping automatically as long as your base station uses the default 
password. However, the default password is fairly well known, and using it will 
compromise the security of your wireless network. 


Automatic configuration of an AirPort Base Station requires that the setting IPv6é Mode 
be set to Tunnel in the AirPort Utility application (located in /Applications/Utilities/). 
The AirPort Base Station must be set up to share an Internet connection with 
computers connected to it by Ethernet. 


Only standard and workgroup configurations of Leopard Server configure an AirPort 
Base Station automatically. An advanced configuration of Leopard Server leaves port 
mapping to the administrator. 


Note: Users who have accounts on your server should make a VPN connection to your 
server to get secure remote access to all services over the Internet. Setting up port 
forwarding, whether automatically on an AirPort Extreme or manually as described 
next, makes only some of your server's services available on the Internet. 
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Manually Configuring Port Mapping on an Internet Router 

You can manually configure port mapping on most Internet routers by using their 
configuration software. Usually the configuration software consists of several 
webpages. Using Safari, you go to the webpage with settings for port mapping or port 
forwarding. In some cases, you can select standard services such as web or VPN and 
specify that each be mapped to your server's IP address. In other cases, you must enter 
port numbers for services and enter your server's IP address for each one. 


The following table lists services and the corresponding ports for which you might 
want to set up port mapping or forwarding. Some Internet routers may ask you to 
specify TCP or UDP for each port, while other routers don't. For specific information 
about how to configure port forwarding on your Internet router, see its 
documentation. 


Service Port TCP or UDP 
iChat service 

iChat server-to-server 5269 TCP 
iChat file transfer proxy 7777 TCP 
Mail service 

SMTP 25 TCP 
Web service 

HTTP 80 TCP 
VPN service 

ISAKMP/IKE 500 UDP 
L2TP 170 UDP 
PPTP 1723 TCP 


IKE NAT Traversal 4500 UDP 


Appendix B Configuring an Internet Router 


12 


Index 


A 


access 
folder 109 
groups 95 
root user 44 
user 69, 71, 102 
accounts 
administrator 44, 58, 72 
importing 62, 63, 72,75 
See also group accounts; 
user accounts 
Activity Monitor 142 
administrator 
accounts for 44, 58, 72 
configuration 44, 59, 72 
administrator computer 36, 51 
advanced configuration 
about 20, 26 
applications 29 
converting to 20 
documentation 144 
importing users from 72 
services 26 
AFP (Apple Filing Protocol) 
service 110 


AirPort Base Station 
DHCP service of 128 
port mapping 153 
security 33 
VPN through 129 
antivirus tools. See virus 
screening 
Apple Filing Protocol service. 
See AFP 
Apple Remote Desktop 40, 150 
applications 28, 29 
See also individual 
applications 
archiving 
group mailing lists 106 
instant messages 115 
arrays, disk. See RAID 
authentication 
group services 95 
mail relay server 117 
user 58 
VPN 125 
wireless network 33 
See also passwords 
automated installation 31 


backup 
before installing 150 
restoring from 53 
server 53 

blogs 15, 120, 123 


C 


calendar 60 
calendars. See iCal service 
chat service. See iChat 
CIFS (Common Internet File 
System). See SMB 
ClamAV 118 
client computers 
See users’ computers 
Common Internet File System. 
See SMB 
computer name 133 
configuration 
about 20 
administrator 44, 59, 72 
AirPort Base Station 33, 128, 
129, 153 
Internet router 129, 155 


Index 


157 


158 


port mapping 153 
users 56 
See also advanced 
configuration; standard 
configuration; 
workgroup configuration 
contact info, user 68 


D 


DHCP server 39, 128, 129 
Directory application 81, 90 
directory server 
connecting to 135 
group members 76, 100 
importing groups 63 
importing users 56, 62 
Directory Utility 85, 134, 135 
disk arrays. See RAID 
disk mirroring. See mirroring, 
disk 
disks 
erasing 150 
formats 150, 151 
partitioning 150, 152 
target installation 34, 38 
Disk Utility 151, 152 
DNS (Domain Name System) 
service 110, 134 
DNS name 134 
documentation 144, 147, 148 
DVD drive 32 


Index 


E 


email. See mail service; 
messages 

email addresses 56, 94, 132 

Ethernet ports 42, 45 


i 


file sharing 
about 108 
access control 109 
adding folder 108 
Groups folder 102, 107 
managing 107 
Public folder 107 
removing folder 109 
server addresses 110 
finding with Spotlight 18 
firewall settings 88, 89, 136 
formats, disk 150, 151 


G 


gateway, server as 42, 45 
See also Internet router 
graphs, server 49, 141 
group accounts 
adding 90, 94 
deleting 90, 96 
members 97, 99 
naming 102 
settings 101 


See also groups; user 
accounts 
groups 
access control 95 
calendar sharing 105 
importing 63 
mailing list 103, 106 
membership 70, 97, 99 
naming 102 
settings 93, 101 
shared folders 102, 107 
wikis 103, 105, 106, 122 
See also group accounts; 
users 
Groups folder 102, 107 


H 


hard disk. See disks 
help, using 143 


iCal service 
about 14,112 
attachment sizes 111 
group calendar 105 
managing 111 
user data limitations 111 
user setup 87 

iChat service 
about 113 
archiving messages 115 
buddy settings 113 


Google Talk 115 
managing 113 
port mapping 155 
saving messages 115 
user setup 86 
XMPP services 115 
importing 
groups 63 
user accounts 62, 72,75 
installation 
about 31 
advanced 31 
automated 31 
backup before 150 
clean 34, 37 
information for 31 
local 34 
new 34, 37 
physical location 32 
preparation for 32, 36, 150 
remote 37 
security 33 
server software 31, 34, 37 
system requirements 32 
target disk 34, 38 
Installer 34, 53, 150 
instant messaging. See iChat 
service 
interfaces, network 
See ports, Ethernet 
Internet router 


DHCP service of 128 
port mapping 155 
VPN through 129 
IP address 
gateway 42,45 
remote server 39, 46 
server's, changing 134 
VPN service 127, 128 
ISP (Internet service 
provider) 117, 134 


J 


junk mail screening 118 


L 
L2TP (Layer Two Tunneling 
Protocol) 124 
Layer Two Tunneling Protocol. 
See L2TP 
Leopard Server. See Mac OS X 
Server 
Leopard users 
directory information 81,90 
server's DNS name 134 
server's IP address 135 
setting up 79, 82, 84, 85 
Local Administrator 
account 59, 72 
local hostname 133 
local server 
installation 34 
setup 42 


logs, server 138 


M 

Mac OS X Server 
about 10 
installing 31 
setting up 41 
updating 54 

mailing list 103, 106 

mail service 
about 116 
group mailing list 103, 106 
junk mail screening 118 
managing 116 
port mapping 155 
relay server 117 
user setup 87 
virus screening 118, 132 
webmail 123 

messages 
group invitation 76, 100 
notifications 132 
server invitation 75, 84 
welcome 74 
See also iChat service; mail 

service 
mirroring, disk 152 


N 


naming conventions 
computer name 133 
groups 102 


Index 


159 


160 


users 61, 71 
network 

firewall 136, 137 

IP address 128, 134 

security 33 

VPN 124 
notifications 132 


Pp 


passwords 
administrator 44, 59, 72 
root user 44 
shared secret 126 
user account 62, 71 
permissions, file 109, 110 
permissions, root 44 
picture, user 73 
Podcast Producer 17 
port forwarding. See port 
mapping 
port mapping 153 
ports, Ethernet 42, 45 
ports, firewall 88, 89 
preferences. See Server 
Preferences; System 
Preferences 
printer sharing 12 
protocols 
AFP 110 
CalIDAV 112 
IMAP 117 


Index 


L2TP 124 
POP 117 
SMB 110 
SMTP 117 
XMPP 115 
Public folder 107 


R 
RAID (Redundant Array of 
Independent Disks) 152 
relay server, mail 117 
remote servers 
installation 37 
Server Preferences 51, 52 
Server Status 49 
setup 44 
requirements, system 32 
restoring server 53 
root user 44 
router. See Internet router 


S 


searching with Spotlight 18 
security 
administrator 43, 60 
AirPort Base Station 33 
authentication 56,95, 125 
firewall settings 136 
installation 33 
root 44 
shared secret 125 
wireless network 33 


See also access; passwords 
serial number 
hardware 33, 39 
software 32, 132 
Server Admin 53, 130 
Server Assistant 36, 37, 41, 42, 
44 
Server Message Block. See SMB 
Server Preferences 
about 47 
finding settings 51 
using remotely 51, 52 
servers 
addresses 110, 121, 123 
backup of 53 
graphs 49, 141 
information on 131 
installation 31 
IP address 134 
logs 138 
managing 47 
names 133 
physical location 32 
restoring 53 
serial number for 32, 33, 39, 
132 
setup 41 
software 31 
Status monitoring 49 
updating 54 


See also directory server; 
remote servers; services 

Server Status widget 49 
services 

about 26 

group 94 

logs 138 

managing 47 

port mapping 153 

status monitoring 49 

user access control 69 

See also individual services 
setup, server 

local 42 

remote 44 

See also configuration 
shared folders 

See file sharing 
shared resources 90 

See also file sharing 
shared secret 125 
share points. See file sharing 
short name 61, 94 
64-bit computing 19 
SMB (Server Message Block) 

protocol service 110 

software. See Mac OS X Server 
Software Update 54 
spam. See junk mail screening 
Spotlight 18 
SSH 33 


standard configuration 
about 20, 22, 26 
administrator password 44 
applications 28 
backing up server 53 
documentation 143, 148 
file sharing 107 
firewall settings 136 
graphs 49, 141 
iCal service 111 
iChat service 113 
logs 138 
mail service 116, 118 
remote management 51,52 
restoring server 53 
server information 49, 131 
services included 26 
settings 51 
updating software 54 
VPN service 87, 89, 124, 127 
web services 119, 121 
See also group accounts; 
services; user accounts 
System Preferences 
computer security 60 
local hostname 133 
server's IP address 134 
Time Machine 53 
user accounts 57, 58, 80 
system requirements 32 


T 
Tiger users 86 
Time Machine 53 


U 


UCE (unsolicited commercial 
email). See junk mail 
screening 

UNIX 19 

updating 54, 148 

user accounts 

about 56, 58 

adding 60 

deleting 65 

group membership 70 

importing 62, 72,75 

local 57 

names 61, 71 

passwords 62, 71 

settings 66 

standard 43, 60 

Workgroup Manager 72 

See also administrator; 

group accounts; users 

users 

about 55 

access control 69, 71, 102 

authentication 56 

blogs 15, 120, 123 

contact info 68 

iCal data limitations 111 


Index 161 


management of 79 

messages to 74, 75, 76, 84, 
100 

naming 61, 71 

picture 73 

root 44 

setup 56 

Workgroup Manager 72 

See also groups; user 
accounts; users’ 
computers 

users’ computers 

connecting to server 79, 83, 
84, 85 

directory information 90 

managing 79 

setting up 79 

shared secret 125 


V 


virtual private network. See VPN 
virus screening 118, 132 
VNC 33 
volumes, installation 39 
VPN (virtual private network) 
about 124 
configuration file 126 


162 Index 


firewall 88, 89 
Internet router 129 

IP addresses 127 
managing 124 

port mapping 155 
shared secret 125 
user connection 87, 89 


W 


weblogs. See blogs 
webmail 123 
web services 
about 120 
managing 119 
port mapping 155 
user blogs 120, 123 
wikis 120, 122 
websites 
addresses 121, 123 
hosting conventional 121 
wiki 103, 105, 106, 120 
wikis 
about 15 
group services 103 
web services 120 
workgroup configuration 
about 20, 24, 26 


administrator password 44 

applications 28 

backing up server 53 

directory connection 135 

documentation 143, 148 

file sharing 107 

firewall settings 136 

graphs 49, 141 

iCal service 111 

iChat service 113 

logs 138 

mail service 116, 118 

remote management 51,52 

restoring server 53 

server information 49, 131 

services included 26 

settings 51 

updating software 54 

VPN service 87, 89, 124, 127 

web services 119, 121 

See also group accounts; 
services; user accounts 


Workgroup Manager 72, 130 


XMPP messaging systems 115 


www.apple.com 


034-4192-A 


Printed in Singapore 


